Skills
skills/mikeyobrien/ralph-orchestrator/code-task-generator/Gen Agent Trust Hub

code-task-generator

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from local files or external URLs to generate instructions for subsequent agent actions.
  • Ingestion points: The input parameter accepts direct text, file paths, directory paths, or URLs (SKILL.md).
  • Boundary markers: The instructions do not define delimiters or specific 'ignore embedded instructions' warnings for the input data.
  • Capability inventory: The skill can read local files (plans/docs), write files (code-task files), access the network via the URL input, and suggests shell command execution for the 'Ralph' tool (SKILL.md).
  • Sanitization: No explicit sanitization or validation of the input content is described before it is used to structure requirements or generate prompts.
  • [COMMAND_EXECUTION]: The skill suggests the execution of local CLI commands in Step 7, specifically ralph run --config presets/pdd-to-code-assist.yml. While these are predefined presets, the tool's behavior depends on the PROMPT.md file generated from potentially untrusted input.
  • [EXTERNAL_DOWNLOADS]: The skill supports fetching input directly from URLs. This allows the agent to ingest content from arbitrary external domains, which could be used to deliver malicious payloads or instructions if the URL is attacker-controlled.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 09:09 AM