skills/mastra-ai/mastra/ralph-plan/Gen Agent Trust Hub

ralph-plan

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOW
Full Analysis
  • SAFE (SAFE): No malicious patterns detected. The skill functions entirely as a set of instructional guidelines for a language model to facilitate a collaborative planning session.
  • Data Exposure (INFO): The skill encourages the agent to 'proactively explore the codebase'. While this grants the agent visibility into the project files, the skill itself does not specify any automated exfiltration or sensitive path access. The resulting plan is intended for human review before execution.
  • Indirect Prompt Injection (LOW): As a planning tool that reads codebase content, it is theoretically a surface for indirect injection if a file being 'researched' contains malicious instructions. However, because the output is a text plan presented to the user for manual copying, the risk of automated exploitation is negligible.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 15, 2026, 09:04 PM