ralph-it
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it ingests untrusted data from GitHub.\n
- Ingestion points: Fetches PRD issues and merged PR bodies/comments using the GitHub CLI in SKILL.md.\n
- Boundary markers: Absent; there are no instructions to ignore embedded commands.\n
- Capability inventory: Can modify issues, create pull requests, and execute shell commands for testing and implementation in SKILL.md.\n
- Sanitization: None; the skill lacks mechanisms to sanitize or validate content fetched from GitHub.\n- [COMMAND_EXECUTION]: The skill executes various system commands through the GitHub CLI and local environment.\n
- Evidence: Uses gh CLI commands to fetch issues, list PRs, create branches, and edit issue content.\n
- Evidence: Performs implementation tasks and executes test/typecheck suites as part of the implementation workflow.
Audit Metadata