using-superpowers
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses extremely forceful instructions to mandate compliance, such as 'ABSOLUTELY MUST', 'not negotiable', and 'not optional', which are override markers aimed at bypassing the agent's default logic.
- [PROMPT_INJECTION]: The skill explicitly instructs that 'Superpowers skills override default system prompt behavior', attempting to alter the agent's internal instruction hierarchy.
- [PROMPT_INJECTION]: The 'Red Flags' section includes directives to suppress the agent's internal reasoning ('STOP—you're rationalizing'), a technique often used to ensure adherence to instructions over safety or common sense.
- [PROMPT_INJECTION]: The framework handles external data from web tools and subagents, creating a surface for indirect prompt injection.
- Ingestion points: 'web_fetch' and 'google_web_search' tools in 'references/gemini-tools.md' and subagent outputs in 'references/codex-tools.md'.
- Boundary markers: XML tags like '' are suggested but not consistently enforced for all inputs.
- Capability inventory: Mapped tools include shell command execution ('run_shell_command', 'Bash') and file system operations ('write_file', 'Edit').
- Sanitization: No explicit validation or sanitization of ingested content is defined.
- [COMMAND_EXECUTION]: The platform mapping files document and enable access to powerful tools for shell command execution and file modification as part of the intended workflow framework.
Audit Metadata