Alpha Preview: Fidensa is currently in early testing. Scores are for demonstration purposes and are not considered final or reliable.
superpowers
An agentic skills framework that bundles 14+ development tools into a composite plugin for automating test-driven development, brainstorming, planning, and code review workflows in Claude Code.
62 / 100 · Grade F-D
F-D = below 60 (deductions)
“I need to automate and streamline my software development workflow with integrated testing, planning, brainstorming, and code review capabilities in a single comprehensive framework.”
superpowers earned Verified status with a trust score of 62/100 (Grade F-D). Adversarial testing produced 8 findings (8 high). Supply chain is clean — 3 components with no known vulnerabilities. Security scan flagged 19 findings. Tier is Verified rather than Certified due to unmitigated findings above severity thresholds.
Trust Score Breakdown
Eight weighted signals composing the aggregate trust score
Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.
Findings
Security scan results, adversarial testing, and pipeline review
Security Scan — Cisco Skill Scanner
Finding details
The SKILL.md contains a <HARD-GATE> directive that attempts to override system behavior by preventing implementation actions until design approval. This is a form of direct prompt injection that tries to control the agent's decision-making process through embedded instructions in the skill manifest.
The server uses environment variables (BRAINSTORM_PORT, BRAINSTORM_HOST, etc.) directly in network binding and file operations without proper validation. Malicious environment variable values could potentially influence server behavior.
The WebSocket server does not implement connection limits or rate limiting. An attacker could establish numerous connections to exhaust server resources. The server maintains all connections in a Set without bounds checking.
Only 75% of skill content could be analyzed. 2 of 8 files are opaque to the scanner. Some content could not be verified as safe.
The skill manifest is missing optional fields including license, compatibility, and allowed-tools. While not required, these fields help users understand the skill's requirements and restrictions.
The skill manifest is missing optional metadata fields including license, compatibility, and allowed-tools. While these fields are optional per the agent skills specification, their absence reduces transparency about the skill's intended usage and tool requirements.
The skill relies on dispatching an external 'superpowers:code-reviewer' subagent without any validation or error handling. While not inherently malicious, this creates a dependency on an external system that could potentially be compromised or unavailable.
The skill manifest is missing optional fields including license, compatibility, and allowed-tools. While these fields are optional per the agent skills specification, their absence reduces transparency about the skill's requirements and restrictions.
The skill contains explicit instructions that override the agent's normal decision-making process by forcing mandatory skill invocation. The instructions use strong directive language like 'ABSOLUTELY MUST', 'not negotiable', 'not optional', and 'cannot rationalize your way out of this' to override system behavior and force the agent to invoke skills even with minimal relevance (1% chance).
The skill explicitly states that 'Superpowers skills override default system prompt behavior' which constitutes an attempt to manipulate the agent's core instruction hierarchy. While it claims user instructions take precedence, the skill positions itself above default system behavior.
The skill claims to be relevant for 'starting any conversation' and requires invocation 'before ANY response including clarifying questions'. This creates an over-broad activation pattern that could lead to inappropriate skill triggering and manipulation of the agent's normal conversation flow.
The skill manifest is missing several optional metadata fields including license, compatibility, and allowed-tools. While not required, these fields help users understand the skill's intended scope and restrictions.
Pattern detected: require('child_process')
Pattern detected: execSync(
The render-graphs.js script uses execSync to execute the 'dot' command with user-controlled input (dotContent) passed directly to stdin. This creates a command injection vulnerability where malicious dot content could potentially execute arbitrary commands through graphviz processing or shell interpretation.
Pattern detected: fs.readFileSync(
Pattern detected: fs.writeFileSync(
The skill manifest lacks 'allowed-tools' specification while the JavaScript script performs file system operations and command execution. The description 'Use when creating new skills, editing existing skills, or verifying skills work before deployment' doesn't clearly indicate the script will execute external commands (graphviz) and perform extensive file operations.
The script performs extensive file system operations including reading arbitrary SKILL.md files and writing SVG outputs to user-specified directories without proper path validation. This could potentially be exploited to read sensitive files or write to unauthorized locations through path traversal.
Adversarial Testing — 6 categories, 8 findings
The using-superpowers skill contains instructions that reference user-provided content (CLAUDE.md, GEMINI.md, AGENTS.md files) without explicit data boundary markers. The instruction states 'User's explicit instructions (CLAUDE.md, GEMINI.md, AGENTS.md, direct requests) — highest priority' and 'If CLAUDE.md, GEMINI.md, or AGENTS.md says "don't use TDD" and a skill says "always use TDD," follow the user's instructions.' This creates potential injection points where instruction-like content in these files could override skill behavior.
The using-superpowers skill instructs the agent to use various tools (Skill tool, skill tool, activate_skill tool) with user-provided skill names and content. The instructions state 'Use the `Skill` tool. When you invoke a skill, its content is loaded and presented to you' and 'Use the `skill` tool. Skills are auto-discovered from installed plugins.' There's no guidance on validating or sanitizing skill names before tool invocation, which could allow parameter injection if malicious skill names are provided.
The session-start hook script automatically searches for and executes bash interpreters from system locations including Git for Windows installations. The script uses hardcoded paths to system directories (C:\Program Files\Git\bin\bash.exe) and falls back to PATH-based bash discovery. This creates a privilege escalation vector where the hook can execute arbitrary bash commands through discovered system interpreters without user confirmation.
The session-start hook script accesses the user's home directory (~/.config/superpowers/skills) and reads plugin root directories without explicit user consent. It also performs file system operations across multiple system boundaries including reading skill files from plugin directories and checking for legacy configuration paths.
The session-start hook script outputs the full content of the using-superpowers skill and warning messages as JSON to stdout. This could expose sensitive information if the skill content contains credentials, API keys, or other sensitive data that gets logged by the AI platform.
The using-superpowers skill contains multiple authority escalation markers and user-override directives that attempt to make the agent prioritize skill instructions over user intent. The skill uses extreme priority language like 'EXTREMELY-IMPORTANT', 'ABSOLUTELY MUST', and 'not negotiable' to enforce compliance, while also containing directives that could override user preferences.
The using-superpowers skill contains multiple 'always' directives and absolute behavioral requirements that would persist across all future tasks, not just skill-related activities. These create permanent behavioral modifications that override user intent.
The superpowers plugin claims broad authority over agent behavior across all tasks, not just skill-related activities. It establishes a hierarchy where 'Superpowers skills override default system prompt behavior' and mandates skill usage even for simple questions.
Methodology v1.0 · 6 categories · ~55 attack patterns
Pipeline Review — 4 findings
cisco_skill_scanner: critical finding — command_injection
cisco_skill_scanner: high finding — prompt_injection
cisco_skill_scanner: high finding — command_injection
cisco_skill_scanner: high finding — data_exfiltration
Supply Chain
SBOM analysis and vulnerability assessment
Components: 3
Direct deps: 1
Transitive deps: 2
Total vulns: 0
Format: CycloneDX 1.5 · Generated: Apr 1, 2026
Behavioral Fingerprint
Runtime performance baseline for drift detection
Samples: 8
Error rate: 0.0%
Peak memory: — MB
Avg CPU: —%
Response time distribution
Output size distribution
Fingerprint v1.0 · Baseline: Apr 1, 2026 · Status: baseline
Component Inventory
28 components composing this plugin
skills: 14
agent: 1
commands: 3
hooks: 2
scripts: 8
Core skills library for Claude Code: TDD, debugging, collaboration patterns, and proven techniques
Interface
Aggregated instruction summary
Scope & Permissions
What this capability can and cannot access — derived from pipeline analysis
no
no
yes
yes
yes
no
Certification Notes
Provenance observations from the pipeline
Publisher "Jesse Vincent" is not verified — first certification from this publisher
No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process
Single contributor — no peer review evidence in commit history
Package description appears to be boilerplate or template text
Signed Artifact
Certification provenance and verification metadata
The original instruction file with a certification footer appended. Replace the source file in your project so AI agents see the trust score, verification link, and SOP.
ES256-signed JWS artifact for programmatic verification. Use with the Fidensa MCP server or GitHub Action to validate integrity.
Pipeline Artifacts
Raw data files from this certification run — downloadable for independent verification
contract.json: Full unsigned contract
stage1-ingest.json: Ingest stage output
stage2a-sbom.json: SBOM generation results
stage2a-vulns.json: Vulnerability scan results
stage2b-security.json: Security scan results
stage3a-functional.json: Functional test results
stage3b-adversarial.json: Adversarial test results
stage3c-fingerprint.json: Behavioral fingerprint
stage4-certify.json: Certification decision + trust score
stage3a-measurements.json: Raw functional test measurements
stage3b-measurements.json: Raw adversarial test measurements
run-log.json: Pipeline execution log
Not all files may be present for every certification.