using-superpowers

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill uses coercive language ('ABSOLUTELY MUST', 'not negotiable', 'not optional') to override the agent's default safety guidelines and discretion. It forces a '1%' applicability threshold for tool execution, effectively disabling internal relevance filters.
  • PROMPT_INJECTION (HIGH): The 'Red Flags' section is a sophisticated instruction-override technique designed to suppress the agent's internal reasoning process. It dismisses legitimate safety behaviors such as 'I need more context first' or 'gather information first' by labeling them as 'rationalization' to be avoided.
  • COMMAND_EXECUTION (HIGH): The skill mandates immediate invocation of the 'Skill' tool and requires the agent to 'Follow skill exactly' without discretion. This creates an unvetted execution path in which instructions in loaded files (ingestion point: Skill tool) are executed without sanitization or review (capability: Skill/TodoWrite tools).
  • PROMPT_INJECTION (MEDIUM): The 'Using Skills' flowchart establishes a mandatory behavioral loop that prioritizes tool invocation over user interaction or clarification, ensuring that external instructions take precedence over the agent's system prompt or safety training.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:39 PM