superpowers-using-superpowers
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to override the agent's default behavior, stating "Superpowers skills — override default system behavior where they conflict." It establishes a priority hierarchy that ranks the "Default system prompt" as the lowest priority, effectively instructing the agent to ignore its core constraints in favor of the skill's directives.
- [PROMPT_INJECTION]: The skill employs aggressive, imperative language such as "YOU ABSOLUTELY MUST," "This is not negotiable," and "You cannot rationalize your way out of this" to force adherence to its workflow and suppress the agent's internal reasoning or standard procedures.
- [PROMPT_INJECTION]: The skill mandates that the agent load and follow external "skills" based on a very low relevance threshold ("1% chance"). This creates a large attack surface for indirect prompt injection, as it compels the agent to ingest and execute instructions from potentially untrusted files in the workspace. Evidence of surface: Ingestion occurs via the `Skill` tool; capability inventory includes file writes, shell execution, and subagent dispatch; boundary markers and sanitization instructions are missing.
- [COMMAND_EXECUTION]: The skill references and provides configuration mapping for tools that enable arbitrary shell command execution (`Bash`, `run_shell_command`) and the modification of system-level configuration files such as `~/.codex/config.toml`.
Audit Metadata