using-superpowers
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM
Category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs coercive and absolute language to override the AI's standard operational reasoning and decision-making logic. It uses phrases like "ABSOLUTELY MUST", "not negotiable", and "not optional" to force compliance regardless of context.
- [PROMPT_INJECTION]: The instructions explicitly tell the AI to ignore its own internal logic or "rationalization" (e.g., "These thoughts mean STOP—you're rationalizing"). This is a pattern designed to bypass the agent's internal safety, quality, and logic checks.
- [PROMPT_INJECTION]: The skill mandates a dangerously low threshold for executing external instructions ("even a 1% chance") and requires this action before providing any clarification to the user, effectively hijacking the interaction flow to prioritize external content.
- [PROMPT_INJECTION]: A significant surface for indirect prompt injection is created by mandating the ingestion of external "skill" files through the Skill tool without providing boundary markers or sanitization logic.
- Ingestion points: Skill files loaded via the Skill tool (SKILL.md).
- Boundary markers: Absent; no instructions are provided to treat loaded skill content as untrusted or to ignore embedded commands.
- Capability inventory: The agent is instructed to "follow skill exactly" and "invoke Skill tool" which likely leads to further file reads and command execution.
- Sanitization: Absent; there is no validation or filtering of the content retrieved from external skill files.
Audit Metadata