superpowers-factory-bridge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The templates for the Implementer and Reviewer agents ingest external data such as task descriptions and Source of Truth (SoT) specifications. Maliciously crafted inputs in these fields could attempt to subvert the agent's constraints.
- Ingestion points: Found in
prompts/implementer-with-factory.mdandprompts/quality-reviewer-enhanced.mdvia placeholders like[任务描述]and[相关状态定义]. - Boundary markers: The skill uses Markdown headers (e.g.,
## 任务描述) as structural delimiters, but lacks explicit instructions for the agent to ignore or sanitize embedded commands within that data. - Capability inventory: The skill utilizes powerful tools including
/gen be,/gen fe,/gen test, and/sc:analyze, which perform file system operations and code execution. - Sanitization: No explicit sanitization logic for untrusted input is defined in the prompt instructions.
- Dynamic Execution (LOW): The skill mandates a 'Test-Driven Development' (TDD) cycle where the agent generates and executes test code (
/gen test). While execution of generated code is a risk, it is the primary intended function of this 'AI Code Factory' skill and is executed within a controlled tool context.
Audit Metadata