ralph-mobile
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interprets instructions from external documentation.
  - Ingestion points: Reads the full PRD file from docs/tasks/ paths.
  - Boundary markers: No explicit delimiters or instructions are used to distinguish between system instructions and untrusted content from the PRD.
  - Capability inventory: The agent can modify various project files and execute npx commands.
  - Sanitization: No sanitization of PRD content is performed before the agent implements the described user stories.
- [COMMAND_EXECUTION]: The skill executes local shell commands to verify implementation quality.
  - Evidence: Uses npx tsc --noEmit for type verification and npx expo install --check for dependency management as part of its Quality Gates process.
Audit Metadata