setup-ralph-loop

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes direct shell commands in Step 7 to establish environment marker files: mkdir -p "$CLAUDE_PROJECT_DIR/.claude" && touch "$CLAUDE_PROJECT_DIR/.claude/.ralph-checked". This action uses project-scoped environment variables to modify the filesystem outside of standard file-writing tools.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic code generation by creating and writing executable bash scripts (ralph-once.sh and ralph.sh) to the repository root. These scripts are intended for autonomous execution and contain instructions to invoke the agent's CLI tools in a loop.
  • [PROMPT_INJECTION]: The skill creates a structural surface for indirect prompt injection by designing a workflow that automatically processes untrusted data from external sources.
    ◦ Ingestion points: The generated scripts are instructed to read tasks directly from GitHub issues and issue comments (SKILL.md, Steps 1 and 4).
    ◦ Boundary markers: The generated prompt templates include no delimiters or specific safety instructions to isolate external issue content from the agent's core task instructions.
    ◦ Capability inventory: The autonomous loop uses the /execute capability, which includes the ability to modify source code, commit to git, and run repository-specific build or test commands (SYSTEM-OVERVIEW.md).
    ◦ Sanitization: No sanitization or validation logic is present to filter malicious instructions embedded in the GitHub issues before the agent processes them.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 1, 2026, 03:31 PM