ralph-wiggum-v2
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. The skill's 'Review Swarm' reads external files from a project and processes them to generate fixes and tests. Malicious code or comments within these files could hijack the agent's logic.
  - Ingestion points: 'Bootstrap categories from codebase structure' and 'Parallel Agent Review Swarm' (SKILL.md).
  - Boundary markers: Absent. There are no instructions to differentiate between code data and agent instructions.
  - Capability inventory: 'Write failing test', 'Implement minimal fix', 'Verify test passes', and 'Run full test suite' (SKILL.md).
  - Sanitization: Absent. Content is processed directly into the agent's reasoning loop.
- [COMMAND_EXECUTION] (HIGH): The skill's core functionality relies on executing code ('Verify test passes', 'Run full test suite'). An attacker leveraging the prompt injection vulnerability could cause the agent to execute arbitrary system commands via these test execution steps.
- [REMOTE_CODE_EXECUTION] (HIGH): Although no external download URLs were detected, the autonomous execution of agent-generated code influenced by untrusted project data constitutes a significant execution risk equivalent to RCE.
Recommendations
- AI detected serious security threats
Audit Metadata