Superpowers Dev Workflow
Pass. Audited by VirusTotal on May 11, 2026.
Findings (1)
This skill bundle is suspicious due to its extensive use of powerful execution capabilities (`exec`, `sessions_spawn`) and dynamic command generation. Files like `SKILL.md`, `references/finishing-branch.md`, and `references/writing-plans.md` instruct the agent to construct and execute various shell commands (`git`, `gh`, `pytest`, `pnpm test`, `cargo test`, `go test`) using potentially user-controlled input (e.g., branch names, PR titles). This creates a significant risk of prompt injection and shell injection if user input is not rigorously sanitized, allowing an attacker to execute arbitrary commands or manipulate sub-agent behavior. While the skill's stated purpose is legitimate software development, the inherent power and lack of explicit input sanitization for command construction elevate it beyond benign.
