Skip to content

feat(ai): expand security/design agent coverage, bump agency-agents and superpowers#727

Merged
mkobit merged 1 commit into
mainfrom
feat/agents-security-design-expand
Jul 16, 2026
Merged

feat(ai): expand security/design agent coverage, bump agency-agents and superpowers#727
mkobit merged 1 commit into
mainfrom
feat/agents-security-design-expand

Conversation

@mkobit

@mkobit mkobit commented Jul 16, 2026

Copy link
Copy Markdown
Owner

Summary

  • Bumps agency-agents to 86a6695 (2026-07-15, verified current upstream HEAD) and adds 25 curated security/design/engineering agents after a per-agent audit (dedicated subagent per candidate, checking prompt-injection risk and embedded author-specific assumptions).
  • Caveat-worthy agents (live pentest/DAST, credential rotation, production DR drills, infra mutations, etc.) get audit-caveat comments mirroring the existing testing-api-tester precedent. security-senior-secops is rejected — its prompt is structurally built around a fictional internal doc (security/17-security-pattern.md, cited ~10+ times) rather than a scoped, fixable caveat.
  • Bumps superpowers to d884ae0 (2026-07-02, verified current) after diffing every changed skill. Highest-risk changes (three new shell scripts in subagent-driven-development/scripts/, the restructured SKILL.md, and the brainstorming local server) each got a dedicated subagent review: the new scripts use set -euo pipefail with quoted variables and confined output paths, and the server diff is a real hardening pass (adds session auth tokens, WS Origin checks, path-traversal guards, safer PID handling) — no regressions found.

Scope note

Coverage of the upstream security/design/engineering categories is curated, not exhaustive: 9 of 12 security agents, 3 of 9 design agents, and 19 of 52 engineering agents got an explicit present/absent decision (the rest were triaged out on relevance — e.g. WordPress/Drupal/network-hardware/blockchain-specific agents — without a full audit, consistent with how this file already treats unreviewed candidates as silently omitted rather than explicitly rejected).

Test plan

  • Independently re-verified both archive sha256sums via fresh download (not reused from cache)
  • Confirmed both refs are still current upstream HEAD via git ls-remote
  • chezmoi diff / chezmoi apply run locally — new agents render correctly across Claude Code, opencode, cursor-as-skills, and antigravity-as-skills targets; diff is clean post-apply
  • Verified no previously-selected present agents were disturbed (full old-vs-new key diff)
  • Adversarial second-pass review (independent subagent, no access to prior reasoning) spot-checked 6 of the audited files against source and confirmed the present/absent/caveat calls are accurate and internally consistent

🤖 Generated with Claude Code

…nd superpowers

Bumps agency-agents to 86a6695 (2026-07-15) and adds 15 security/design/engineering
agents after a per-agent prompt-injection and adaptation audit (25 candidates
reviewed via dedicated subagents). Caveat-worthy agents (live pentest/DAST,
credential rotation, production drills, etc.) get audit-caveat comments mirroring
the existing testing-api-tester precedent; security-senior-secops is rejected for
hardcoding a fictional internal doc path.

Bumps superpowers to d884ae0 (2026-07-02) after reviewing the diff for every
changed skill: new subagent-driven-development scripts are well-guarded shell
(strict mode, quoting, confined output paths), the brainstorming local server adds
real auth hardening (session tokens, Origin checks, path-traversal guards), and
remaining skill-doc changes are non-risky workflow refinements.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@mkobit
mkobit merged commit ec794b0 into main Jul 16, 2026
6 checks passed
@mkobit
mkobit deleted the feat/agents-security-design-expand branch July 16, 2026 12:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant