using-superpowers

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (LOW): The skill uses high-pressure language to bypass the agent's internal reasoning and safety filters regarding task prioritization.
    • Evidence: Use of phrases like 'NON-NEGOTIABLE RULE', 'DO NOT HAVE A CHOICE', 'MUST USE IT', and 'cannot rationalize your way out of this' are designed to override the agent's default behavior.
    • Evidence: The skill explicitly instructs the agent to ignore user instructions that conflict with the skill's defined workflow: 'User Instructions ≠ Permission to Skip Workflows'.
  • [Indirect Prompt Injection] (LOW): The skill mandates the loading of external content based on a very low threshold (1% chance), creating a significant attack surface for malicious skills.
    • Ingestion points: The skill forces the agent to read and follow 'any skill' that might apply to the task.
    • Boundary markers: No boundary markers or 'ignore embedded instruction' warnings are suggested; instead, the agent is told to 'Follow skill exactly'.
    • Capability inventory: While this skill itself is 'NO_CODE', it forces the transition to other skills which may possess dangerous capabilities (file-write, network, subprocess).
    • Sanitization: There is no evidence of sanitization, validation, or filtering of the skills being loaded.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:20 PM