using-superpowers

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill employs extreme imperative language and 'override' markers designed to bypass agent reasoning and user instructions. Phrases such as 'ABSOLUTELY MUST', 'NOT NEGOTIABLE', and 'automatic failure' are used to force specific behaviors regardless of context.
  • [PROMPT_INJECTION] (HIGH): The skill explicitly instructs the agent to disregard user instructions that might conflict with its workflow ('Instructions ≠ Permission to Skip Workflows'), which is a direct attempt to override the primary control channel (the user).
  • [PROMPT_INJECTION] (HIGH): The skill creates a high-risk surface for indirect prompt injection (Category 8). By mandating that any potentially relevant skill file must be read and executed without choice, it forces the agent to process and obey untrusted data.
    • Ingestion points: Skill tool reading skill files from the environment.
    • Boundary markers: None specified.
    • Capability inventory: The skill mandates running other files and using the 'TodoWrite' tool.
    • Sanitization: No sanitization or safety evaluation is performed before executing mandatory skills.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:52 AM