using-superpowers
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs absolute imperatives and high-pressure language (e.g., "ABSOLUTELY MUST", "not negotiable", "not optional") to override the agent's standard task-prioritization logic.
- [PROMPT_INJECTION]: It explicitly instructs the agent to ignore its own internal assessments, such as the need for more context or exploring the codebase, in favor of a rigid tool-invocation workflow.
- [PROMPT_INJECTION]: The "Red Flags" section provides a list of common agent reasoning steps and labels them as "rationalizations" that must be suppressed, which is a technique used to bypass the agent's built-in heuristics and safety checks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by mandating tool execution based on external user input.
- Ingestion points: Untrusted data enters the context via the initial "User message received" in SKILL.md.
- Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded commands in the user input.
- Capability inventory: The workflow leads directly to the
Skilltool invocation (SKILL.md), which can execute further complex operations. - Sanitization: Absent; no validation or escaping is performed on the user-provided task before the skill mandates action.
Audit Metadata