ralph-loop
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to automatically detect and run project-specific commands for building, testing, and execution (as documented in Phase 1 and the .ralph/AGENT.md file). This grants the agent significant capability to execute arbitrary code on the host system to fulfill its iterative development goals.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it directly interpolates unvalidated user input into the system prompt of a sub-agent.
  - Ingestion points: The user-provided <작업 설명> (task description) is used to populate .ralph/PROMPT.md and the execution prompt for the Task agent.
  - Boundary markers: There are no boundary markers or "ignore embedded instructions" warnings around the user-provided description, allowing it to potentially override the skill's operational logic.
  - Capability inventory: The skill is capable of modifying or creating any file in the project directory and executing shell commands (Phase 2).
  - Sanitization: No sanitization, validation, or filtering of the user's task description is performed before it is processed by the agent.
Audit Metadata