using-supaconductor

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill uses imperative and absolute language ("ABSOLUTELY MUST", "This is not negotiable", "not optional") to override the agent's default decision-making process and tool-use discretion.
  • [PROMPT_INJECTION]: It mandates a '1% chance' rule, forcing the agent to invoke the 'Skill' tool for virtually every interaction, which bypasses the agent's autonomy in determining tool relevance and increases the attack surface for loading malicious external content.
  • [PROMPT_INJECTION]: The 'Red Flags' section explicitly instructs the agent to ignore its own logical reasoning or concerns regarding task complexity and context, characterizing these as 'rationalizations' to be dismissed in favor of mandatory tool usage.
  • [PROMPT_INJECTION]: By requiring the agent to load and follow external skills 'directly' and 'exactly' regardless of the initial query, the instruction creates a significant surface for indirect prompt injection. Evidence includes: 1) Ingestion Point: Skill tool loading external content; 2) Boundary Markers: Absent (instructions command following content 'directly'); 3) Capability: Directed to follow loaded content exactly without discretion; 4) Sanitization: Absent (agent is forbidden from rationalizing).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 21, 2026, 04:11 AM