Security risk report for @forgecat/obra_superpowers v0.0.10
Source Integrity
Low
Profile is a converted upstream package from a legitimate public GitHub repository (obra/superpowers) with MIT license.
ForgeCat wrapper maintains clear attribution to original source and provides installation via official package registry.
Agent Intent
Low
Content describes a legitimate software development methodology (planning, TDD, code review, subagent coordination) with no instructions to manipulate the AI, exfiltrate data, or bypass security controls.
Skill instructions are procedural workflows (brainstorming, planning, execution, review) that guide the agent through structured development tasks—no prompt injection, role hijacking, or guidance poisoning detected.
References to external URLs (GitHub repos, plugin marketplaces) are for legitimate installation and documentation, not exfiltration or malicious payload delivery.
Details
Evidence
brainstorming/SKILL.md: 'Do NOT invoke any implementation skill... until you have presented a design and the user has approved it' — enforces user control, not agent autonomy.
receiving-code-review/SKILL.md: 'Verify before implementing. Ask before assuming. Technical correctness over social comfort.' — emphasizes verification and pushback, not blind obedience.
finishing-a-development-branch/SKILL.md: Detailed safety checks (test verification, environment detection, confirmation gates) — no instruction to hide actions or skip verification.
Permissions
PRM-003Medium
The static scanner flagged a session-start.sh hook with no tool match, indicating a shell hook that runs automatically at session start — this is a medium-to-high risk pattern as it executes code without explicit user invocation.
The profile's skills instruct the agent to dispatch subagents, run shell commands (npm test, cargo test, pytest, git operations, gh pr create), and manage git worktrees, which is broader than a pure advisory/documentation role.
No declared tools are listed in the profile metadata, so the actual permissions exercised depend on the hook script content which was not fully reviewed; the combination of auto-running hooks and subagent dispatch warrants caution.