base
Fail
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to search for and read a centralized secret storage file located at ~/Documents/Access.txt to harvest API keys (e.g., OpenAI, Anthropic, Render). This practice exposes sensitive, plain-text credentials to the agent's session context and subsequent project files like .env.
- [COMMAND_EXECUTION]: The skill defines mandatory workflows that execute various shell commands across Node.js, Python, and React environments for testing and linting. It also introduces a custom /ralph-loop command used to iteratively execute tasks based on user input.
- [PROMPT_INJECTION]: The 'Automatic Iterative Mode' feature creates an indirect prompt injection surface by interpolating raw user input into a shell command structure.
  - Ingestion point: User-supplied task requests (e.g., 'Add email validation').
  - Boundary markers: Absent; the skill places user input inside a markdown-formatted string within a shell command without clear delimiters or 'ignore' instructions.
  - Capability inventory: Execution of the /ralph-loop command and various development tools (npm, pytest, ruff).
  - Sanitization: Absent; there are no instructions to validate or escape user input before it is used to construct the iterative task prompt.
Recommendations
- AI detected serious security threats
Audit Metadata