ralph-methodology
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The 'Ralph Loop' methodology reads instruction prompts from a local file (
.claude/ralph-loop.local.yml), which can be modified by external processes or other agent actions. - Ingestion points:
.claude/ralph-loop.local.yml(YAML state file). - Boundary markers: Absent; instructions direct the agent to re-feed the prompt content directly into the loop.
- Capability inventory: 'Autonomous AI coding loops' imply the ability to execute system commands and modify files.
- Sanitization: None provided; the agent is instructed to trust the prompt content in the state file.
- [Command Execution] (LOW): The skill includes a bash command example (
grep) used to monitor the iteration status of the loop. - [No Code] (INFO): The skill provides logic and architectural guidance but does not contain actual scripts, tool definitions, or executable code.
Audit Metadata