ralph-loop
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill contains multiple curl commands fetching content from https://fullstackrecipes.com (e.g., /api/recipes/agent-setup, /api/recipes/ralph-setup). This domain is not a trusted source, and the content being fetched is used for system configuration and setup.
- REMOTE_CODE_EXECUTION (MEDIUM): While the curl output is not explicitly piped to bash in the provided snippets, the context of 'completing recipes' for 'configuration' and 'setup' strongly implies that the downloaded content contains commands or instructions meant to be executed by the user or the agent.
- PROMPT_INJECTION (LOW): Ingestion of untrusted remote content (Category 8). The skill lacks boundary markers or sanitization when fetching external 'recipes'. An attacker controlling the remote domain could provide malicious markdown or instructions that override agent behavior during the development loop.
Recommendations
- AI detected serious security threats
Audit Metadata