Skills
skills/eins78/skills/ralph-plot-sprint/Gen Agent Trust Hub

ralph-plot-sprint

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from untrusted external sources.
  • Ingestion points: Processes pull request comments and code diffs using gh api and gh pr diff as described in SKILL.md (Steps 0, 1, and 4).
  • Boundary markers: Absent. External content from GitHub is processed without delimiters or isolation instructions.
  • Capability inventory: High-privilege operations including git push --force-with-lease, gh pr merge, and arbitrary code/test execution during task implementation in SKILL.md.
  • Sanitization: Absent. Untrusted data is not validated or sanitized before being incorporated into the prompt context.
  • [COMMAND_EXECUTION]: Performs high-impact version control and system operations.
  • Repository modification: Executes git push --force-with-lease and gh pr merge, which can alter repository history and state.
  • Confirmation Bypass: The runner script ralph-sprint.sh invokes the agent with the --dangerously-skip-permissions flag, removing human oversight for sensitive actions.
  • [DATA_EXFILTRATION]: Transmits iteration summaries to a user-configured external server.
  • Mechanism: The ralph-sprint.sh script sends data to an ntfy server using curl and environment-provided credentials.
  • Vulnerability: An attacker could potentially influence the content of these summaries via indirect prompt injection to exfiltrate information from the execution environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:29 AM