using-superpowers
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill utilizes extremely imperative and restrictive language ('ABSOLUTELY MUST', 'NOT NEGOTIABLE', 'automatic failure') to force the agent into a specific behavioral loop.
- [Evidence]: The section 'Instructions ≠ Permission to Skip Workflows' explicitly directs the agent to ignore user requests to skip specific internal processes like 'brainstorming' or 'TDD', which is a form of instruction override.
- INDIRECT PROMPT INJECTION (LOW): The skill acts as a meta-framework that mandates the ingestion and execution of other skills based on user input, creating a potential surface for chaining.
- Ingestion points: Processes every user message to determine if a skill tool should be triggered.
- Boundary markers: None detected; the skill encourages following external skill instructions 'exactly' without mentioned sanitization.
- Capability inventory: Utilizes a 'Skill' tool (reading/executing) and a 'TodoWrite' tool (task management).
- Sanitization: No evidence of input validation or sanitization before passing context to other tools.
Audit Metadata