ralph-loop-template
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted local project files to generate instructions for an AI agent.
  - Ingestion points: In SKILL.md Steps 1 and 2, the skill reads content from plan files (PLAN.md, TODO.md, prd.md) and project configuration files (CLAUDE.md, package.json).
  - Boundary markers: The generated checklist files do not utilize specific delimiters or isolation markers to distinguish between system instructions and processed project data.
  - Capability inventory: Across its scripts, the skill performs file-write operations to the local project root (PROMPT-*.md) and generates command strings for the agent to execute.
  - Sanitization: Content extracted from local files is interpolated directly into templates without evidence of escaping or validation.
- [EXTERNAL_DOWNLOADS]: The skill documentation references a requirement for the 'ralph-wiggum' plugin located in the official Anthropics GitHub repository, which is a trusted organization.