using-superpowers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill employs coercive language ("EXTREMELY-IMPORTANT", "ABSOLUTELY MUST", "not negotiable", "not optional") designed to override the agent's internal logic and safety guidelines. It explicitly commands the agent to ignore its own "rationalization" and "Red Flags," which are the primary mechanisms an AI uses to detect and avoid harmful instructions.
- INDIRECT_PROMPT_INJECTION (HIGH): The core logic of the skill mandates the ingestion of external data (invoking other skills) before any clarification or context gathering is allowed.
  - Ingestion points: Any user message received triggers a check for other skills.
  - Boundary markers: None. The skill instructs the agent to "follow [the loaded skill] directly."
  - Capability inventory: Mandates the use of the Skill tool, which reads file content into the active context.
  - Sanitization: None. The skill specifically prohibits the agent from exploring the codebase or gathering information before the tool invocation.
- METADATA_POISONING (MEDIUM): The description and instructions attempt to redefine the agent's standard behavior ("establishing how to find and use skills") in a way that prioritizes tool execution over safety and reasoning filters.
Recommendations
- AI detected serious security threats
Audit Metadata