using-superpowers

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill employs extremely assertive, non-negotiable language designed to override the agent's default safety and reasoning protocols. Phrases like 'ABSOLUTELY MUST', 'not negotiable', and 'not optional' are used to force adherence to the skill over standard operations.
  • PROMPT_INJECTION (HIGH): The section 'Instructions ≠ Permission to Skip Workflows' explicitly instructs the agent to ignore specific user instructions ('WHAT to do') if they conflict with the skill's internal processes, which is a direct attempt to seize control of the agent's behavior.
  • PROMPT_INJECTION (HIGH): The skill creates a significant indirect prompt injection surface by mandating the execution of external 'skills' based on user requests without allowing the agent to use discretion.
      1. Ingestion points: User messages are scanned for matches against available skills in SKILL.md.
      2. Boundary markers: Absent. The skill explicitly forbids the agent from 'rationalizing' or evaluating the appropriateness of a skill.
      3. Capability inventory: The agent is directed to use the 'Skill tool' to 'read and run' skill files.
      4. Sanitization: Absent. The instructions state 'Follow the skill exactly'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:36 PM