ralph-loop-creator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input data (descriptions or PRD files) and incorporates it into a structured prompt intended for autonomous execution. This creates an indirect prompt injection surface where instructions embedded in the input source could influence the behavior of the generated prompt. 1. Ingestion points: and CLAUDE.md. 2. Boundary markers: None present. 3. Capability inventory: Local file read and write operations. 4. Sanitization: No sanitization of input content before interpolation.- [COMMAND_EXECUTION]: The skill suggests shell commands for the user to execute manually (e.g., using cat to pass file content to another skill). It does not perform any hidden or automated command execution.
Audit Metadata