using-superpowers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill contains strong behavioral hijacking patterns. It uses absolute, forceful language ('NON-NEGOTIABLE RULE', 'DO NOT HAVE A CHOICE', 'MUST USE IT') to override the agent's default decision-making. Furthermore, the section 'User Instructions ≠ Permission to Skip Workflows' explicitly commands the agent to disregard the user's intended 'HOW' in favor of the skill's 'HOW', which is a significant prompt injection risk designed to subvert user intent.
- [DATA_EXFILTRATION] (SAFE): No commands or patterns suggesting the access of sensitive files or the transmission of data to external domains were found.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not attempt to download external scripts, install third-party packages, or use dynamic execution functions.
Recommendations
- AI detected serious security threats
Audit Metadata