using-superpowers

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Uses highly coercive and imperative language (e.g., 'ABSOLUTELY MUST', 'not negotiable', 'automatic failure') to override the agent's default task-handling logic and decision-making processes.
  • [PROMPT_INJECTION]: Explicitly instructs the agent to disregard user instructions that might suggest skipping defined workflows (e.g., brainstorming, TDD), stating that user instructions define 'WHAT to do, not HOW'.
  • [PROMPT_INJECTION]: Creates a surface for indirect prompt injection by mandating that the agent must read and execute any matching skill files found in its environment, without providing boundary markers or sanitization for those external instructions.
      * Ingestion points: Skill files accessed via the Skill tool.
      * Boundary markers: Absent.
      * Capability inventory: Skill tool (read), TodoWrite tool (write).
      * Sanitization: Absent.
  • [PROMPT_INJECTION]: Implements a 'MANDATORY FIRST RESPONSE PROTOCOL' designed to trigger before responding to 'ANY user message', functioning as an attempt to persistently alter agent behavior across the entire conversation lifecycle.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:13 PM