install-skills-for-personal-work
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs skills from external GitHub repositories. While repositories from anthropics, vercel-labs, and supabase are trusted, the skill also targets obra/superpowers, which is an unverified source.
- [REMOTE_CODE_EXECUTION]: Uses npx to execute the skills utility, which downloads and installs content from the npm registry and GitHub. This process involves the execution of external logic to configure the agent's environment.
- [COMMAND_EXECUTION]: Directly runs shell commands (npx skills add, npx skills list, npx skills remove) to modify the system or workspace state.
- [PROMPT_INJECTION]: Creates an attack surface for indirect prompt injection. The skill is designed to ingest and activate instructions from remote repositories without a validation or sanitization step, allowing potentially malicious instructions in those repositories to influence the agent's future behavior.
  - Ingestion points: Remote GitHub repositories (obra/superpowers, vercel-labs/agent-skills, anthropics/skills, supabase/agent-skills).
  - Boundary markers: None present in the instructions to prevent the agent from obeying instructions embedded in the downloaded content.
  - Capability inventory: Shell execution (npx), global package installation, environment modification.
  - Sanitization: No sanitization or content validation is performed prior to installation.
Audit Metadata