hyperpowers-agents
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface where subagents ingest untrusted data from external sources.\n
- Ingestion points:
references/internet-researcher.md(fetches web content via search tools) andreferences/codebase-investigator.md(reads local files and searches codebase).\n - Boundary markers: Not present; the prompt files do not provide instructions for the subagent to use specific delimiters or ignore instructions found within fetched content.\n
- Capability inventory: The subagents have access to tools for filesystem access, network research, and secondary command execution via the test-runner subagent.\n
- Sanitization: Not present; no instructions for content validation, escaping, or filtering are included in the subagent prompts.\n- [COMMAND_EXECUTION]: The
test-runner.mdsubagent is designed to execute arbitrary shell commands provided by the user, representing a significant capability.\n - Evidence:
references/test-runner.mdinstructs the subagent to "Execute the exact command provided by the user" and identifies various test runners (pytest, cargo, npm, etc.) and git commands.\n - Evidence:
SKILL.mdincludes an example of spawning an agent to executepytest tests/.
Audit Metadata