# Superpowers (Hardened) A security-hardened fork of [`obra/superpowers`](https://github.com/obra/superpowers) — a complete software development workflow for AI coding agents built on composable skills. ## What's Different This fork applies the following security changes on top of upstream: - Removed authority-escalation markup patterns from injected context - Added stricter hook and path validation - Added scope and data-handling constraints for subagent review prompts - Excluded brainstorming browser server components and other non-essential attack surface For details on how Superpowers works (workflow, philosophy, skills library, contributing), see the [upstream README](https://github.com/obra/superpowers#readme). ## Installation Installation differs by platform. All commands below point to **this fork** (`garrettsiegel/superpowers`). ### GitHub Copilot (VS Code, JetBrains, GitHub.com) Tell Copilot: ``` Fetch and follow instructions from https://raw.githubusercontent.com/garrettsiegel/superpowers/refs/heads/main/.copilot/INSTALL.md ``` Or install locally: ```bash git clone https://github.com/garrettsiegel/superpowers.git ~/.copilot/superpowers ~/.copilot/superpowers/.copilot/install.sh /path/to/your/repo ``` **Detailed docs:** [.copilot/INSTALL.md](.copilot/INSTALL.md) ### Claude Code ```bash /plugin marketplace add garrettsiegel/superpowers /plugin install superpowers@superpowers ``` ### Cursor ```text /add-plugin superpowers ``` Then search for "superpowers" and select this fork if prompted. ### Codex ``` Fetch and follow instructions from https://raw.githubusercontent.com/garrettsiegel/superpowers/refs/heads/main/.codex/INSTALL.md ``` ### OpenCode ``` Fetch and follow instructions from https://raw.githubusercontent.com/garrettsiegel/superpowers/refs/heads/main/.opencode/INSTALL.md ``` ### Gemini CLI ```bash gemini extensions install https://github.com/garrettsiegel/superpowers ``` ### Verify Start a new session and ask for something that should trigger a skill (e.g., "help me plan this feature"). The agent should invoke the relevant skill automatically, or load the skill file on platforms without a native Skill tool. ## Updating Pull the latest from this fork. Symlink-based installs pick up changes automatically. ```bash cd ~/.copilot/superpowers && git pull # Copilot / Codex ``` For plugin-based platforms: ```bash /plugin update superpowers # Claude Code gemini extensions update superpowers # Gemini CLI ``` ## Upstream - **Upstream repo:** [obra/superpowers](https://github.com/obra/superpowers) - **Upstream community / Discord:** [discord.gg/Jd8Vphy9jq](https://discord.gg/Jd8Vphy9jq) - **Blog post:** [Superpowers for Claude Code](https://blog.fsck.com/2025/10/09/superpowers/) ## License MIT — see [LICENSE](LICENSE) for details.