ralph-lisa-loop

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dispatches autonomous subagents using the Agent tool with the mode="bypassPermissions" configuration. This allows subagents to modify the local filesystem without requiring individual permission prompts from the user for each operation.
  • [COMMAND_EXECUTION]: The preflight stage requests to modify the agent's global settings file (~/.claude/settings.json) to install a Stop hook. This change prevents the agent from terminating during active loops, establishing a persistent execution environment for the session.
  • [DATA_EXFILTRATION]: The skill reads the ~/.claude/settings.json configuration file during preflight to check for existing hook installations and to verify environment readiness.
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing the @openai/codex package from the official registry and configuring it as an MCP server. While originating from a trusted organization, these actions involve downloading and executing external code to facilitate the review process.
  • [PROMPT_INJECTION]: The loop architecture processes user-supplied prompts and repository artifacts through multiple autonomous agent layers. The skill's documentation identifies external reviewer output as a trust boundary, acknowledging the risk that repository content could be used to influence subagent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 05:45 PM