using-superpowers
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative language to override the agent's default decision-making. It explicitly states that "Superpowers skills override default system behavior" and characterizes this requirement as "not negotiable" and "not optional."
- [PROMPT_INJECTION]: The instructions mandate that the agent must invoke relevant skills before performing any other action, including providing clarifying questions. This forces a change in the agent's standard operational flow.
- [PROMPT_INJECTION]: The skill defines an explicit instruction priority that places these skills above the default system prompt, instructing the AI to prioritize the skill content over its core configuration.
- [PROMPT_INJECTION]: The skill identifies and attempts to suppress standard agent reasoning (e.g., "This is just a simple question", "I need more context first") through a "Red Flags" table, categorizing these thoughts as "rationalizing" to ensure the mandatory workflow is followed.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by forcing the agent to load and follow instructions from external skill files.
- Ingestion points: The
Skilltool (SKILL.md) andactivate_skilltool (references/gemini-tools.md) are used to ingest external skill content. - Boundary markers: No boundary markers or "ignore instructions" warnings are defined for the loaded content.
- Capability inventory: The skill mappings (references/codex-tools.md, references/gemini-tools.md) facilitate access to powerful tools like
Bash,Write,Edit,run_shell_command, andspawn_agent. - Sanitization: No sanitization or validation of the loaded skill content is performed before execution.
Audit Metadata