ralph-wiggum-v2
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTION
Full Analysis
- [Remote Code Execution] (LOW): The skill is designed to autonomously write and execute tests and code fixes within a project directory. While this involves executing dynamically generated content, it is the primary intended function of the skill. Users should ensure the environment where the agent runs is appropriately isolated.
- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface for indirect prompt injection because it ingests untrusted data from a codebase to drive its review and fixing logic.
- Ingestion points: Files within the
{project}directory are read during Phase 1 (discovery) and Phase 2 (review swarm). - Boundary markers: No explicit instructions are provided to the agents to treat code comments or strings as non-instructional data.
- Capability inventory: The skill can perform file-write operations, execute tests, and run build commands (Phase 3 and Final Verification).
- Sanitization: There is no evidence of sanitizing or filtering input from the project files before processing by the LLM agents.
Audit Metadata