using-superpowers

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative language to override the agent's default decision-making. It explicitly states that "Superpowers skills override default system behavior" and characterizes this requirement as "not negotiable" and "not optional."
  • [PROMPT_INJECTION]: The instructions mandate that the agent must invoke relevant skills before performing any other action, including providing clarifying questions. This forces a change in the agent's standard operational flow.
  • [PROMPT_INJECTION]: The skill defines an explicit instruction priority that places these skills above the default system prompt, instructing the AI to prioritize the skill content over its core configuration.
  • [PROMPT_INJECTION]: The skill identifies and attempts to suppress standard agent reasoning (e.g., "This is just a simple question", "I need more context first") through a "Red Flags" table, categorizing these thoughts as "rationalizing" to ensure the mandatory workflow is followed.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by forcing the agent to load and follow instructions from external skill files.
  • Ingestion points: The Skill tool (SKILL.md) and activate_skill tool (references/gemini-tools.md) are used to ingest external skill content.
  • Boundary markers: No boundary markers or "ignore instructions" warnings are defined for the loaded content.
  • Capability inventory: The skill mappings (references/codex-tools.md, references/gemini-tools.md) facilitate access to powerful tools like Bash, Write, Edit, run_shell_command, and spawn_agent.
  • Sanitization: No sanitization or validation of the loaded skill content is performed before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:39 PM
Security Audit — agent-trust-hub — using-superpowers