ralph-enhance

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill contains aggressive instructions designed to override the agent's standard behavior and safety loops. Specifically, it uses 'CRITICAL: AUTONOMOUS EXECUTION' and repeated mandates like 'You MUST automatically start implementing tasks', 'Do NOT stop after setup', and 'DO NOT ask user to run the loop'. These directives attempt to force the agent into an unrestricted, autonomous state that ignores typical interaction boundaries.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill downloads template and schema files from 'https://raw.githubusercontent.com/kroegha/Ralph-Skill/main/'. This repository is not on the trusted sources list. Downloaded scripts are later given executable permissions ('chmod +x') and the skill's logic depends on their presence for project automation.
  • [COMMAND_EXECUTION] (HIGH): The skill makes extensive use of the 'Bash' tool to execute complex multi-line scripts and system-level commands, including detecting platforms and modifying file permissions. These commands are executed autonomously based on instructions derived from external user input.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): In addition to scripts, the skill uses 'WebFetch' to retrieve documentation and specifications from user-provided URLs. This opens an avenue for fetching malicious instructions or data from arbitrary external domains.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): Evidence Chain: 1. Ingestion points: Phase 1.1/1.2 reads user documents and URLs via 'Read' and 'WebFetch'. 2. Boundary markers: None. 3. Capability inventory: Bash, Write, Edit, and WebFetch tools are available. 4. Sanitization: None. Malicious requirements in fetched documents could manipulate the 'autonomous loop' to perform unauthorized file deletions or exfiltration while the agent is instructed not to ask for user permission.
  • [PRIVILEGE_ESCALATION] (MEDIUM): The skill performs 'chmod +x' on scripts found in 'scripts/*.sh', which may include files downloaded from the untrusted external source.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:28 AM