using-superpowers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (HIGH): The skill uses imperative, non-negotiable language (e.g., 'ABSOLUTELY MUST', 'NOT OPTIONAL', 'not negotiable') to override the agent's default operational protocols. It explicitly commands the agent to ignore its own 'rationalization' and 'context gathering' steps, which are key safety and accuracy safeguards.
- Indirect Prompt Injection (HIGH): The skill establishes a mandatory rule to invoke external skills even with a 1% chance of relevance before performing any other action. This creates a high-risk surface for malicious skills to gain execution. Ingestion points: User-controlled workspace files matching skill patterns. Boundary markers: Absent; the skill explicitly discourages context-based filtering. Capability inventory: Skill tool invocation (SKILL.md). Sanitization: Absent.
- Metadata Poisoning (MEDIUM): The metadata description ('Use when starting any conversation') is strategically designed to ensure these behavior-modifying instructions are active immediately in every session, maximizing the skill's influence.
Recommendations
- AI detected serious security threats
Audit Metadata