ralph-new
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (CRITICAL): The skill contains mandatory instructions to override safety protocols and user control, explicitly directing the agent to 'automatically start' and 'NOT ask the user' for confirmation, which enables unrestricted autonomous execution.
- [PROMPT_INJECTION] (CRITICAL): Indirect Prompt Injection vulnerability. 1. Ingestion points: The skill reads requirements from untrusted URLs (WebFetch) and local documents (Read). 2. Boundary markers: None present. 3. Capability inventory: High-impact tools including Bash, Write, Edit, and package managers (npm/pip). 4. Sanitization: None. The skill autonomously implements tasks derived from these untrusted inputs, allowing an attacker to trigger arbitrary code execution via a malicious URL or document.
- [COMMAND_EXECUTION] (HIGH): The skill uses high-privilege commands such as 'sudo apt install' and 'powershell -ExecutionPolicy Bypass' to modify the host system environment, which can be exploited to weaken system security.
- [EXTERNAL_DOWNLOADS] (HIGH): It downloads scripts and templates from an untrusted GitHub repository (kroegha/Ralph-Skill) that is not part of the established trust scope. These downloaded scripts are subsequently executed with high privileges.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill facilitates the installation of external software packages and the execution of dynamically created or downloaded scripts within its autonomous development loop.
Recommendations
- AI detected serious security threats
Audit Metadata