ralph
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection vulnerability (Category 8) by processing untrusted data to perform file operations.
- Ingestion points: Input PRD markdown or text provided by the user.
- Boundary markers: No delimiters or warnings are used to separate untrusted PRD content from agent instructions.
- Capability inventory: Reading and writing
prd.json, readingprogress.txt, creating directories, and copying files within the local workspace. - Sanitization: The skill does not describe any methods for validating or escaping content from the ingested PRDs.
- File System Access (SAFE): The file operations (read, write, archive) are scoped to the project's local directories and directly support the skill's stated purpose of project tracking and format conversion.
Audit Metadata