ralph-promax
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's core execution engine and the Phase 1.3 (Hidden Systems) instructions in references/phase-details.md direct the agent to execute intensive system-level reconnaissance commands, including process listing (ps aux), network socket inspection (ss -tulpn), open file listing (lsof -i), and systemd unit auditing.
- [DATA_EXFILTRATION]: The instructions in references/phase-details.md (Phases 1.3, 3, and 4) require the agent to read and analyze highly sensitive system files and credentials, including /etc/passwd, /etc/sudoers, SSH keys, bash history, .env files, and hardcoded secrets. While intended for auditing, this gives the agent access to data that could be used for exfiltration.
- [REMOTE_CODE_EXECUTION]: The 'Execution Engine' in SKILL.md contains a specific instruction (Step 7: EXPLOIT) that commands the agent to 'Attempt to exploit if vulnerability found'. This encourages the agent to generate and execute potentially malicious payloads (e.g., SQL injection, command injection, or path traversal) against the environment it is auditing.
- [PROMPT_INJECTION]: The skill uses authoritative and restrictive language ('YOU MUST follow this loop... NO EXCEPTIONS', 'CRITICAL rules', 'NEVER skip') to enforce its complex logic and override default agent behaviors during the audit process.
Recommendations
- AI detected serious security threats
Audit Metadata