ralph-wiggum
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an autonomous loop ('Repeat until all stories pass') and provides an invocation prompt that directs the agent to repeatedly execute tasks based on external file content. This creates a risk of the agent becoming trapped in a loop or acting on malicious instructions if the input files are compromised.
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface (Category 8). The skill processes data from untrusted local files to guide agent behavior.
  • Ingestion points: 'plans/prd.json' (user stories and acceptance criteria) and 'plans/progress.txt' (session learnings and next steps).
  • Boundary markers: Absent. The skill does not define delimiters or provide 'ignore instructions' warnings when reading these files.
  • Capability inventory: The skill has the capability to execute shell commands via 'pnpm' (lint, test, build), perform git operations, and write to the file system.
  • Sanitization: Absent. The skill does not validate or escape the content of the PRD or progress files before using them to drive the agent's logic.
- [COMMAND_EXECUTION]: The skill specifies a verification pipeline involving shell commands such as 'pnpm run type-check', 'pnpm run lint', 'pnpm vitest run', and 'pnpm build'. These commands are standard for the intended use case of software development automation and are considered appropriate in this context.
Audit Metadata