using-superpowers — agentic threat model
The 'using-superpowers' meta-skill introduces extreme agentic risk by forcing the aggressive, low-threshold (1% relevance) invocation of external skills and subagents. This drastically expands the attack surface for prompt injection and unintended tool execution without visible guardrails.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.70 |
| Dynamic Tool Use | 0.90 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.60 |
| Non-Determinism | 0.80 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged “Not certain from the listing” are general, caveated commentary where the public description did not pin that layer down.
1. Foundation Models: the meta-skill relies heavily on the underlying LLM's reasoning to evaluate '1% relevance' for skill invocation, making it highly vulnerable to prompt injection and adversarial reprogramming that could force malicious skill execution.
2. Data Operations: Not certain from the listing — there is no mention of a specific vector database or RAG pipeline, though the skill-discovery bootstrap mechanism likely queries a local index or registry of available skills.
3. Agent Frameworks: this layer is highly critical. The meta-skill alters the orchestration framework by forcing pre-response skill invocation. This creates severe risks of insecure tool integration, infinite loops, and unintended tool execution due to the low (1%) relevance threshold.
4. Deployment & Infrastructure: Not certain from the listing — the deployment environment (sandboxing, containerization) of the invoked skills is not specified, which is dangerous given the aggressive execution model.
5. Evaluation & Observability: Not certain from the listing — there are no mentioned guardrails, evaluation frameworks, or logging mechanisms to monitor, throttle, or block the rapid, low-relevance skill invocations.
6. Security & Compliance: Not certain from the listing — no authentication, authorization, or policy enforcement mechanisms are described to restrict which skills can be discovered or invoked by this meta-skill.
7. Agent Ecosystem: the 'subagent opt-out clause' and the ability to discover/invoke other skills directly impact the agent ecosystem, creating risks of cascading failures and trust abuse if a compromised subagent or skill is dynamically invoked.
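The controls the framework, observability and policy layers above say are missing (an allowlist of invocable skills, a relevance floor well above 1%, a per-turn invocation budget against loops and cascades, and an audit record of every decision) can be put in one policy gate that sits between the model's "invoke skill X" proposal and the orchestrator. The following is an added illustration written for this page, not code from the using-superpowers skill or its project; `SkillGate`, `InvocationRequest`, the skill names and the threshold values are assumptions chosen for the example.

```python
"""Added example (hypothetical names): a policy gate in front of skill/subagent invocations.

Not the using-superpowers skill's own code. It enforces an allowlist, a relevance floor,
a per-turn invocation budget and an audit log, and it refuses invocations whose relevance
estimate was derived from untrusted context (tool output, fetched documents), which is the
prompt-injection path a low-threshold meta-skill exposes.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple


@dataclass
class InvocationRequest:
    skill: str
    relevance: float   # model-estimated relevance in [0, 1]
    source: str        # "user" (trusted turn) or "tool_output" (untrusted text the model read)


@dataclass
class SkillGate:
    allowed_skills: FrozenSet[str]
    min_relevance: float = 0.5         # assumed floor; far above the 1% threshold discussed
    max_calls_per_turn: int = 3        # assumed budget; bounds loops and cascading calls
    calls_this_turn: int = 0
    audit_log: List[str] = field(default_factory=list)

    def new_turn(self) -> None:
        """Reset the per-turn budget when a new user turn starts."""
        self.calls_this_turn = 0

    def decide(self, req: InvocationRequest) -> Tuple[bool, str]:
        """Return (allowed, reason) for one proposed invocation and record it."""
        if req.skill not in self.allowed_skills:
            reason = "deny: skill not on allowlist"
        elif req.source != "user":
            # Relevance computed while reading tool output or fetched content is untrusted,
            # so it is never allowed to trigger a skill directly.
            reason = "deny: invocation proposed from untrusted context"
        elif req.relevance < self.min_relevance:
            reason = f"deny: relevance {req.relevance:.2f} below floor {self.min_relevance:.2f}"
        elif self.calls_this_turn >= self.max_calls_per_turn:
            reason = "deny: per-turn invocation budget exhausted"
        else:
            self.calls_this_turn += 1
            reason = "allow"
        self.audit_log.append(
            f"skill={req.skill} relevance={req.relevance:.2f} source={req.source} -> {reason}"
        )
        return reason == "allow", reason


def run_sample() -> List[str]:
    """Run constructed requests through the gate and return the decision reasons."""
    gate = SkillGate(allowed_skills=frozenset({"brainstorming", "test-driven-development"}))
    # Constructed sample proposals, all within a single user turn.
    proposals = [
        InvocationRequest("brainstorming", 0.90, "user"),            # allowed
        InvocationRequest("brainstorming", 0.01, "user"),            # the 1% case: denied
        InvocationRequest("shell-exec", 0.99, "user"),               # not on allowlist
        InvocationRequest("test-driven-development", 0.95, "tool_output"),  # injected context
        InvocationRequest("brainstorming", 0.80, "user"),            # allowed (2nd call)
        InvocationRequest("brainstorming", 0.70, "user"),            # allowed (3rd call)
        InvocationRequest("brainstorming", 0.90, "user"),            # budget exhausted
    ]
    gate.new_turn()
    return [gate.decide(p)[1] for p in proposals]


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The ordering of the checks matters: the allowlist and the trust-of-origin test run before the relevance comparison, so an injected instruction cannot pass simply by asserting a high relevance score, and the budget check last means a legitimate loop is cut off with a logged reason rather than silently continuing.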
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).