Getting Started with Skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill uses strong imperative language and explicit instructions to prioritize internal workflows over human partner instructions ('Instructions != Permission to Skip Workflows'). This is a behavioral override pattern designed to constrain agent choice.
- Indirect Prompt Injection (LOW): The skill creates a surface for indirect injection by requiring the agent to search for and read external skill files based on current context. 1. Ingestion points: Content is read via the 'Read' tool from paths under '${SUPERPOWERS_SKILLS_ROOT}'. 2. Boundary markers: Absent; the agent is instructed to follow the read file exactly without explicit delimiters for the external content. 3. Capability inventory: The skill utilizes 'Read' (file access), 'find-skills' (file search), and 'TodoWrite' (state modification) tools. 4. Sanitization: Absent; no validation or filtering of secondary skill content is performed.
Audit Metadata