ralph-loop

SUSPICIOUS: The skill’s core purpose matches orchestration of coding-agent loops, but its footprint is high-risk because it grants broad autonomous execution to external CLIs and promotes dangerous approval-bypass flags. Install trust is mostly same-org official for OpenCode/Codex/Claude/Goose, lowering malware concern, but Pi provenance is weaker and the overall design is still risky due to delegated autonomy over code, tests, and commits.