using-superpowers
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill utilizes aggressive, mandatory language such as 'not negotiable', 'not optional', and 'automatic failure' to override the agent's internal reasoning and tool-selection logic. It explicitly instructs the agent to ignore its own safety assessments or efficiency considerations, labeling them as 'rationalizations'.
- Dynamic Execution (MEDIUM): The skill implements a workflow that dynamically loads and executes instructions from external files using the 'skill_use' tool based on the output of 'skill_find'. This constitutes dynamic loading from computed paths based on user-influenced search terms.
- Indirect Prompt Injection (LOW): The skill creates a high-risk surface for indirect prompt injection.
  - Ingestion points: External files fetched via 'skill_find' and 'skill_use'.
  - Boundary markers: Absent; the skill mandates following instructions 'exactly' and forbids adaptation.
  - Capability inventory: Execution of tools like 'skill_use', 'skill_resource', and 'TodoWrite'.
  - Sanitization: Explicitly forbidden; the instructions tell the agent not to 'rationalize' away the rules found in skills.