meta-superpowers

Fail

Audited by Socket on Mar 1, 2026

1 alert found:

Obfuscated File: HIGH
SKILL.md

The meta-superpowers document is a high-risk orchestration policy rather than direct malware. Its mandatory, unconditional requirement to discover and execute other skills (including 'load the latest file') creates significant supply-chain, prompt-injection, and autonomy-abuse risks. If deployed without strong controls (provenance verification, per-skill consent, sandboxing, least-privilege secrets access, and allowlisting), it materially increases the chance that malicious or compromised skills will execute arbitrary code, exfiltrate data, or misuse credentials. Recommended remediation: require origin verification and signatures for skills, implement explicit user consent and per-skill permission prompts, sandbox skill execution, and apply least-privilege access to secrets and network resources.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 1, 2026, 01:12 AM
Package URL: pkg:socket/skills-sh/tjboudreaux%2Fcc-plugin-engineering-excellence%2Fmeta-superpowers%2F@04c88b366b9da7696b11dd0a2c73d76ae320a477