using-superpowers
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes absolute and imperative language (e.g., "ABSOLUTELY MUST", "not negotiable", "not optional") specifically designed to override the agent's internal reasoning and decision-making processes.
- [PROMPT_INJECTION]: It instructs the agent to ignore its own safety-oriented "rationalization" (such as needing more context or exploring the codebase) and skip clarifying questions in favor of immediate tool execution.
- [PROMPT_INJECTION]: The "1% chance" rule significantly lowers the model's confidence threshold for invoking tools, creating a wide surface for indirect prompt injection where user input can trigger the loading of untrusted external instructions.
- [PROMPT_INJECTION]: Analysis of Indirect Prompt Injection surface:
  1. Ingestion points: User messages directly trigger the activate_skill workflow.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands within loaded skills are present.
  3. Capability inventory: Uses the activate_skill tool to load external content.
  4. Sanitization: No sanitization or validation of the skills being invoked is mentioned.
Audit Metadata