meta-superpowers
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes coercive and imperative language (e.g., 'EXTREMELY-IMPORTANT', 'MUST', 'automatic failure') to override the agent's standard operational behavior and force adherence to its protocol.
- [PROMPT_INJECTION]: It attempts to suppress the agent's internal reasoning and common-sense checks by defining 'Rationalization Triggers' (e.g., 'This is simple', 'Skill is overkill') that the agent is instructed to ignore.
- [PROMPT_INJECTION]: The skill mandates that instructions from external skill files take precedence over user instructions regarding methodology (the 'HOW'), which functions as an instruction override/priority bypass.
- [PROMPT_INJECTION]: This skill creates an attack surface for indirect prompt injection by mandating a very low threshold ('1% chance') for loading and executing content from external 'skill' files without verification.
  - Ingestion points: External files processed by the 'Skill tool' as part of the mandatory first-response protocol.
  - Boundary markers: No instructions are provided to the agent to treat external skill content as untrusted or to use delimiters to prevent command execution.
  - Capability inventory: The agent is encouraged to execute workflows from these files and record tasks using the 'TodoWrite' tool.
  - Sanitization: The skill lacks any logic or instructions to validate or sanitize the instructions loaded from external sources.
- [NO_CODE]: The skill does not contain any executable scripts or binaries, relying solely on natural language instructions to influence the agent's tool-use behavior.
Audit Metadata