using-superpowers
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill employs aggressive, imperative language ('ABSOLUTELY MUST', 'NOT NEGOTIABLE', 'YOU DO NOT HAVE A CHOICE') designed to override the agent's default decision-making process and safety reasoning. This technique mirrors prompt injection patterns used to bypass standard operating procedures.
- [INDIRECT_PROMPT_INJECTION] (LOW): By mandating a skill check for every interaction with a '1% chance' threshold, the skill creates a broad attack surface. An attacker could craft a message that triggers the loading of a malicious skill, which the agent is now primed to follow without 'rationalizing' or questioning.
  - Ingestion points: Every incoming user message processed by the agent (defined in SKILL.md).
  - Boundary markers: None; there are no instructions to sanitize or isolate the user's input before determining which skill to invoke.
  - Capability inventory: The skill requires the use of the Skill tool, which loads and executes external markdown/instructions.
  - Sanitization: None; the agent is instructed to follow loaded skills 'exactly' without using the Read tool for verification.
Audit Metadata