using-superpowers
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (HIGH): The skill employs aggressive, imperative language ('ABSOLUTELY MUST', 'not negotiable', 'not optional', 'YOU DO NOT HAVE A CHOICE') to override the agent's internal logic and safety guidelines regarding tool use.
- Indirect Prompt Injection (HIGH): The skill creates a high-risk interaction pattern by mandating the invocation of external skills before any response, even clarifying questions. Evidence Chain:
  1. Ingestion Point: Any user message received by the agent (defined in SKILL.md).
  2. Boundary Markers: None; the skill explicitly ignores traditional context and exploration steps.
  3. Capability Inventory: Mandates use of the Skill tool, which loads and executes instructions from external files.
  4. Sanitization: None; it instructs the agent to 'follow skill exactly' regardless of the source.

  This maximizes the attack surface for malicious skills to hijack the agent's session early.
Recommendations
- AI detected serious security threats
Audit Metadata