Superpowers — agentic threat model
Superpowers introduces significant agentic risk due to its ability to orchestrate subagents, dynamically author and test new skills, and execute code during debugging and TDD workflows, potentially leading to arbitrary code execution if compromised.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
| --- | --- | --- |
| Autonomy of Action | 0.80 | |
| Goal-Driven Planning | 0.90 | |
| Self-Modification | 0.90 | |
| Dynamic Tool Use | 0.80 | |
| Persistent Memory | 0.60 | |
| Contextual Awareness | 0.70 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.90 | |
| Non-Determinism | 0.70 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — relies on Claude (Anthropic) as the underlying foundation model. Threats include adversarial prompt injection to bypass the TDD/code review guardrails or reprogram the subagents.
Layer 2 (Data Operations): Not certain from the listing — operates on local codebases and skill libraries. Threats include poisoning the skill library or local codebase to inject malicious code during debugging/TDD.
Layer 3 (Agent Frameworks): Orchestrates subagents, plans development, and executes code reviews. Threats include insecure tool integration (executing tests/debugging commands), subagent hijacking, and tool misuse during TDD (e.g., executing arbitrary test scripts).
Layer 4 (Deployment and Infrastructure): Not certain from the listing — runs as a Claude Code plugin, likely locally or in the user's development environment. Threats include lack of sandboxing when running tests/debugging, leading to local host compromise.
Layer 5 (Evaluation and Observability): Not certain from the listing — mentions built-in code review and testing of new skills, but lacks explicit details on logging or guardrails. Threats include blind spots in subagent execution and evaluation gaming.
Layer 6 (Security and Compliance): Not certain from the listing — open-source community plugin. Likely lacks formal compliance (NIST/ISO) or built-in authorization controls, relying entirely on the host environment.
Layer 7 (Agent Ecosystem): Explicitly uses subagent-driven development and authoring/testing of new skills. Threats include rogue subagents, cascading failures across subagents, and trust abuse between the main agent and subagents.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).