ralph
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script located at `.claude/scripts/ralph.sh`. Because the script's content is not provided for analysis, its potential actions on the host system cannot be fully audited.
- [COMMAND_EXECUTION]: The skill depends on and invokes the `amp` CLI and `jq` for environment pre-checks and process management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion point: Untrusted data enters via user-provided Markdown PRDs. Boundary markers: Absent. Capability inventory: The agent can write files, commit to Git, and execute bash scripts (SKILL.md). Sanitization: Absent. Malicious instructions in a PRD could be executed as valid tasks.
Audit Metadata