using-superpowers
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill employs aggressive imperatives such as 'ABSOLUTELY MUST', 'NOT NEGOTIABLE', and 'NOT OPTIONAL' to override the agent's autonomy. It specifically instructs the agent to ignore its own logical evaluation ('STOP—you're rationalizing'), which is a hallmark pattern of prompt injection attacks designed to bypass behavioral constraints.
- INDIRECT_PROMPT_INJECTION (LOW): The skill exposes the agent to automated tool invocation based on untrusted input without proper validation.
  1. Ingestion points: User messages trigger the logic flow described in the skill.
  2. Boundary markers: None; the skill lacks delimiters or instructions to treat user input as untrusted when searching for skills.
  3. Capability inventory: Mandatory invocation of the 'Skill' tool and a requirement to 'Follow skill exactly' once loaded.
  4. Sanitization: None; the requirement to invoke tools on a '1% chance' of relevance intentionally bypasses standard safety and relevance filtering.
Recommendations
- AI detected serious security threats