using-superpowers

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM
[PROMPT_INJECTION] [COMMAND_EXECUTION] [DATA_EXFILTRATION]
Full Analysis
  • [PROMPT_INJECTION]: The skill uses forceful language to override the agent's default system behavior and internal reasoning. It commands the agent to treat skill invocation as 'not negotiable' and to 'stop rationalizing' when encountering thoughts that might delay skill usage.
  • [COMMAND_EXECUTION]: The skill defines tool mappings for shell access (Bash), subagent creation (Task, spawn_agent), and file system modification across multiple CLI platforms. This exposes powerful capabilities to any skill loaded via this framework.
  • [DATA_EXFILTRATION]: Documentation includes references to WebFetch and WebSearch tools without specifying safety constraints or domain allowlists.
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of external data (other skills) into the agent's context. It lacks explicit boundary markers or sanitization requirements for this content, yet instructs the agent to 'Follow skill exactly' and 'override default system prompt behavior', creating a high-authority execution path for potentially malicious sub-skills.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 06:37 AM