using-superpowers
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill uses aggressive and authoritative markers to bypass the agent's standard operational constraints and logic for tool relevance.
- Evidence: Use of phrases like "ABSOLUTELY MUST", "YOU DO NOT HAVE A CHOICE", "not negotiable", and "1% chance" inside
<EXTREMELY-IMPORTANT>tags. - Impact: It attempts to prevent the agent from using its own reasoning ("You cannot rationalize your way out of this") to determine if a tool is appropriate, potentially leading to excessive tool usage or vulnerability to further injections if subsequent skills are malicious.
- [Indirect Prompt Injection] (LOW): The skill establishes a high-sensitivity trigger where untrusted user input is used to determine which other skills to load and execute.
- Ingestion points:
User message receivedflow in the DOT diagram. - Boundary markers: None. The instructions do not provide delimiters or safety warnings for the content of the invoked skills.
- Capability inventory: Explicitly requires the use of the
Skilltool, which can load and execute additional instructions. - Sanitization: None. The agent is told to "follow it directly" and "Follow skill exactly".
Audit Metadata