ralph
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes bash to manage task state and execute development commands.
- Evidence: Uses
echo,cat,mkdir, andcpto manage IDs and progress logs in thescripts/ralph/directory. - Evidence: Executes
git addandgit committo manage version control during the execution loop. - Evidence: Invokes
npm run typecheckandnpm testas mandatory quality checks for each implemented task. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its task implementation loop.
- Ingestion points: The skill ingests untrusted data from user feature descriptions (Step 1) and task list descriptions (Phase 2).
- Boundary markers: No explicit delimiters or instructions are used to separate task descriptions from the agent's core instructions in the
handofftool invocation. - Capability inventory: The skill has access to shell execution (
bash), version control (git), task management tools, and theagent-browserfor UI verification. - Sanitization: There is no evidence of sanitization or verification of the content within task descriptions before they are used to generate the goal for the
handoffagent. - [REMOTE_CODE_EXECUTION]: The skill utilizes the
handofftool to dynamically execute tasks based on external instructions. While these are natural language instructions rather than binary code, they direct the agent to perform code modifications and execute shell commands on the local system.
Audit Metadata