70High
The skill's reliance on
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Subagent-Driven Development: Execute plan by dispatching fresh subagent per task, with two-stage review after each: spec compliance review first, then code quality review.
Actually does
This skill orchestrates a software development workflow by reading an implementation plan, extracting tasks, and dispatching specialized subagents (implementer, spec reviewer, code quality reviewer) using specific prompt templates (e.g., `./implementer-prompt.md`). It manages task status, handles subagent questions and issues, and enforces a two-stage review process (spec compliance then code quality) with iterative fixes before marking tasks complete and integrating with Git operations.
Skill Info
Nameobra/superpowers/subagent-driven-development
Registrygithub
Versionf9b088f7b3a6
PURLpkg:github/obra/superpowers@f9b088f7b3a6?skill=subagent-driven-development
Stars180,084
Installs60,600
Source
SHA-256081ad3869e55...
SHA-12ea2f0b09ac8...
MD5543afab876dc...
TLSHd742a8777993...
ssdeep192:FF5kSUXU...
Size12,139 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
https://github.com/obra/superpowers/tree/main/skills/subagent-driven-development60,600 installs
Claude CodeDocs
/plugin marketplace add obra/superpowers/plugin install subagent-driven-development@obra/superpowers
CodexDocs
Gemini CLIDocs
gemini extensions install https://github.com/obra/superpowers.git --consent
CursorDocs
Skills.shDocs
npx skills add https://github.com/obra/superpowersAssessments (2)
AI Agent Traps ↗Supply Chain Risk via External Prompts and Skillshighsupply chain
The skill heavily relies on external Markdown files for subagent prompts (e.g., `./implementer-prompt.md`) and integrates with other 'superpowers' skills. Compromise or malicious content within these external dependencies could lead to arbitrary code execution, data exfiltration, or other harmful actions by the orchestrated subagents.
90% confidenceline 268
./implementer-prompt.md, superpowers:using-git-worktrees
Potential for Resource Abuse via Review Loopslowresource abuse
The skill incorporates review loops ('Repeat until approved') for spec compliance and code quality. If a subagent repeatedly fails to meet review criteria or encounters an unresolvable issue, these loops could lead to excessive resource consumption (e.g., API calls, compute time) without human intervention.
60% confidenceline 40
Implementer subagent fixes spec gaps -> Dispatch spec reviewer subagent (...) [label="re-review"]
Reduced Human Oversight & Autonomy Abusemediumapproval fatigue, autonomy abuse
The skill is designed for 'Faster iteration (no human-in-loop between tasks)' and 'Review checkpoints automatic,' which reduces human oversight during task execution. This could lead to critical decisions being made autonomously without sufficient human review, potentially causing unintended consequences or approval fatigue for the final human review.
80% confidenceline 38
Faster iteration (no human-in-loop between tasks), Review checkpoints automatic
Version History (4)
Dependencies (1)
superpowers.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/obra/superpowers/subagent-driven-development)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/obra/superpowers/subagent-driven-development"><img src="https://mondoo.com/ai-agent-security/api/badge/github/obra/superpowers/subagent-driven-development.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/obra/superpowers/subagent-driven-development.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow