ralph-multimodel
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (CRITICAL): The skill provides 'yolo' and 'full-auto' modes for autonomous code execution without human review.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill processes untrusted web content from research phases and uses it to generate and execute commands, a high-risk surface for indirect prompt injection.
- [DATA_EXFILTRATION] (HIGH): It requests broad read/write access to user project directories ('D:\Projects*') and configuration paths ('~/.claude/').
- [PROMPT_INJECTION] (MEDIUM): The instructions to 'extract' and 'adapt' logic from arbitrary local projects allow for local-to-agent injection attacks.
Recommendations
- AI detected serious security threats
Audit Metadata