ralph-wiggum
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The installer script install.sh downloads multiple bash scripts from an untrusted personal GitHub repository (agrimsingh/ralph-wiggum-cursor) to the local .cursor/ralph-scripts/ directory.
- REMOTE_CODE_EXECUTION (HIGH): Multiple files, including install.sh and scripts/init-ralph.sh, contain instructions to download and execute scripts directly from the internet using the curl | bash pattern. This includes downloads from cursor.com and raw.githubusercontent.com, neither of which are within the specified trusted organization scope for this audit.
- COMMAND_EXECUTION (HIGH): The install.sh script employs sudo to modify system-level package repositories and install the gum utility on Debian, Fedora, and RHEL-based systems, which is an unnecessary elevation of privilege for a developer tool skill.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a large attack surface as it ingests untrusted task definitions from RALPH_TASK.md (Ingestion point) without boundary markers or sanitization. The agent possesses capabilities to execute arbitrary shell commands via the test_command property and perform git operations (Capability inventory), creating a vector where malicious instructions in a task file could lead to unauthorized code execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/agrimsingh/ralph-wiggum-cursor/main/install.sh, https://cursor.com/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata