ralph-feedback-batch-protocol
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a workflow for processing human-provided feedback that influences the agent's internal state and replanning logic, introducing a surface for indirect prompt injection.
- Ingestion points: Human feedback is recorded in
feedbacks.mdand processed by the orchestrator. - Boundary markers: The template uses YAML frontmatter and Markdown headers for structure, but lacks explicit instruction to ignore potential commands embedded within the feedback text.
- Capability inventory: The skill modifies
metadata.yamlto transition the orchestrator state toREPLANNINGand passes control to a planner agent. - Sanitization: There are no mechanisms described for sanitizing or validating the feedback content.
- [NO_CODE]: The skill is composed entirely of Markdown instructions and templates with no attached scripts, which eliminates the risk of direct malicious code execution within this specific component.
Audit Metadata