sharing-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill transmits local file content to remote repositories as part of a standard contribution workflow.
  - Evidence: The use of `git push` and `gh pr create` sends local commits and pull request metadata to GitHub.
  - Context: This is the primary intended function of the skill and occurs within the user's authenticated environment.
- [Indirect Prompt Injection] (LOW): The skill provides a surface for injection by incorporating local variables and file content into shell commands.
  - Ingestion points: The `${skill_name}` variable and the content of skill files located in `~/.config/superpowers/skills/`.
  - Boundary markers: No specific delimiters are used for shell variables; however, quoted heredocs (`<<'EOF'`) are used for multi-line content.
  - Capability inventory: Execution of the `git` and `gh` CLI tools in the host shell.
  - Sanitization: The implementation correctly uses quoted heredocs (`<<'EOF'`), which is a security best practice to prevent shell expansion and command injection within text blocks.
- [Command Execution] (LOW): The skill generates and executes shell commands to manage version control and pull requests. This is a legitimate use of command execution for the stated purpose of code sharing and follows standard developer templates.
Audit Metadata