using-superpowers

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill employs extremely forceful and absolute language designed to bypass the agent's internal reasoning and safety filters regarding tool usage.
    • Evidence: The skill uses directives such as "ABSOLUTELY MUST," "not negotiable," and "not optional" to force the agent to read other skills before responding.
    • Evidence: The "Red Flags" section explicitly instructs the agent to ignore its own logical hesitations or requests for context (e.g., "I need more context first") in favor of immediate skill tool invocation.
  • [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by mandating the automatic ingestion of instructions from other files without validation.
    • Ingestion points: The skill requires the agent to read workflow files (e.g., /define, /architect) via the Skill tool at the start of any conversation.
    • Boundary markers: No delimiters or instructions are provided to the agent to distinguish between the fetched skill content and its core safety instructions.
    • Capability inventory: The agent is instructed to produce dated artifacts and follow technical designs based on the content of these external skills.
    • Sanitization: No sanitization or verification process is mentioned; the agent is simply told to follow "Rigid" skills exactly.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 06:29 AM