ralph-hats
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of the `ralph` CLI tool to perform its primary functions, including `ralph hats validate`, `ralph hats graph`, `ralph hats show`, and `ralph run` as described in `references/commands.md` and `SKILL.md`.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the skill processes user-authored YAML configuration files.
  1. Ingestion points: The skill reads existing configuration files from `.ralph/hats/*.yml` as part of the inspection and improvement workflows.
  2. Boundary markers: There are no explicit boundary markers or instructions to the LLM to ignore embedded commands within the ingested YAML data.
  3. Capability inventory: The skill possesses the capability to write to the local file system and execute subprocesses via the `ralph` CLI.
  4. Sanitization: No evidence of sanitization or filtering of the natural language fields within the YAML files is present.
Audit Metadata