ralph
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing extensions and templates from non-trusted GitHub repositories such as 'Q00/ouroboros' and 'supercent-io/skills-template'.
- [COMMAND_EXECUTION]: The 'setup-codex-hook.sh' script modifies local CLI configuration files ('~/.codex/config.toml') to inject custom instructions into the agent's developer environment.
- [COMMAND_EXECUTION]: The skill configures persistent hooks (e.g., SessionStart, AfterAgent, UserPromptSubmit) that execute local Node.js and Bash scripts automatically during agent sessions.
- [PROMPT_INJECTION]: The instructions include specific triggers like 'stop prompting' and 'don't stop' to activate an autonomous 'Ralph' loop that overrides normal turn-based constraints.
Audit Metadata