using-superpowers
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): The skill employs coercive language to override the agent's standard operating procedures. Findings include:
  - Behavioral Override: Uses phrases like 'ABSOLUTELY MUST', 'not negotiable', and 'cannot rationalize your way out of this' to force tool usage over default reasoning.
  - Instructional Bypass: Specifically instructs the agent to ignore its own intuition or desire for context ('I need more context first', 'simple question') in favor of external instructions.
- Indirect Prompt Injection (HIGH): This skill acts as a force multiplier for other malicious content. Mandatory Evidence Chain:
  - Ingestion points: Mandates the use of the 'Skill tool' to read external markdown files (other skills) into the context.
  - Boundary markers: No instructions are provided to sanitize or isolate the content of the skills being read.
  - Capability inventory: The skill mandates that the agent 'Follow skill exactly', granting external skill files high authority over the agent's subsequent actions.
  - Sanitization: None. The '1% chance' rule ensures the agent will aggressively pull in external content, increasing the likelihood of processing an adversarial skill.
Recommendations
- AI detected serious security threats