Skills
skills/akillness/skills-template/ralph/Gen Agent Trust Hub

ralph

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The setup script scripts/setup-codex-hook.sh performs direct file system modifications, creating directories and writing to the user's home folder (~/.codex).
  • [PERSISTENCE]: The setup script permanently modifies the developer_instructions in ~/.codex/config.toml, which alters the agent's core behavior across all future sessions when the /ralph command is used.
  • [DYNAMIC_EXECUTION]: The bash script executes a Python heredoc (`python3
  • ... <<'PYEOF'`) to perform complex regex-based edits on local configuration files.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing extensions from https://github.com/gemini-cli-extensions/ralph, which is an external source outside of the trusted organization list.
  • [PROMPT_INJECTION]: The core logic implements a self-referential loop that overrides standard agent termination, instructing the model to disregard its usual exit logic in favor of a specific completion promise check.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 02:45 PM