ralph-loop-template
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically extracts verification commands (e.g., test or build scripts) from local project configuration files such as package.json, Makefile, and Cargo.toml. These strings are then embedded into a generated prompt file and executed by the agent during the iteration process without any validation or sanitization, potentially allowing arbitrary command execution if a project file is compromised.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from multiple sources.
  - Ingestion points: Processes content from various local files including PLAN.md, TODO.md, PRD.md, CLAUDE.md, and .cursorrules in SKILL.md (Step 1 and Step 2).
  - Boundary markers: The generated prompt template (references/prompt-template.md) lacks explicit boundary markers or instructions to ignore embedded directions within the ingested plan content.
  - Capability inventory: The generated workflow involves file system modifications and the execution of shell commands derived from the project environment.
  - Sanitization: There is no evidence of filtering, escaping, or validation of the data extracted from the project files before it is interpolated into the generated prompt.
- [EXTERNAL_DOWNLOADS]: The skill documentation references a plugin located in the official Anthropics GitHub repository (anthropics/claude-code). This is a reference to a trusted organization.
Audit Metadata