Skills
skills/jarmen423/skills/ralph-tui-prd/Gen Agent Trust Hub

ralph-tui-prd

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): This skill defines an attack surface by ingesting untrusted user input (feature descriptions) and interpolating it into a structured PRD output.
  • Ingestion points: Feature descriptions provided by the user in Step 1.
  • Boundary markers: The skill uses [PRD]...[/PRD] tags for the output, but lacks explicit delimiters or 'ignore' instructions for the initial user input.
  • Capability inventory: The skill itself has no capabilities (no subprocess calls, file writes, or network ops). It is purely a text generator.
  • Sanitization: No sanitization or validation of the user input is performed before it is included in the PRD.
  • [Command Execution] (SAFE): Although the skill mentions commands like pnpm typecheck and npm run lint, these are included as text examples for the AI to put into a document. The skill does not attempt to execute these commands.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:37 PM