using-superpowers

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs aggressive, imperative framing (e.g., "ABSOLUTELY MUST", "not negotiable", "not optional") and directives to "not rationalize" designed to override the agent's default logic and internal constraints.
  • [PROMPT_INJECTION]: Instructions specifically target and disable the agent's standard interaction patterns, such as asking for clarification or gathering context, by mandating tool execution as the highest priority.
  • [PROMPT_INJECTION]: The skill instructs the agent to prioritize the skill's workflow instructions over user instructions, potentially leading to unauthorized or unexpected actions based on external content.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by mandating automatic invocation of, and strict adherence to, content loaded via the Skill tool.
      • Ingestion points: External skill files loaded via the Skill tool (SKILL.md).
      • Boundary markers: Absent; instructions explicitly state to "follow skill exactly" without validation or isolation.
      • Capability inventory: Mandates use of Skill and TodoWrite tools (SKILL.md).
      • Sanitization: Absent; no validation or filtering of the ingested skill content is provided.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 03:42 AM
Security Audit — agent-trust-hub — using-superpowers