ripple-ts
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill explicitly instructs the agent to read an external documentation file (https://www.ripple-ts.com/llms.txt) for "comprehensive reference".
  - Ingestion points: SKILL.md 'Documentation Links' and 'llms.txt' reference.
  - Boundary markers: Absent. The skill does not provide any delimiters or warnings to ignore potentially malicious instructions within the external file.
  - Capability inventory: The skill provides and encourages the use of terminal commands including `npx degit`, `npm install`, and `npm run dev` (subprocess execution).
  - Sanitization: Absent. There is no validation of the content fetched from the remote URL before it is processed by the agent.
- [External Downloads] (MEDIUM): The skill promotes downloading templates from an unverified GitHub repository (Ripple-TS/ripple) and installing packages from NPM (ripple, @ripple-ts/vite-plugin).
  - The 'Ripple-TS' organization is not within the defined [TRUST-SCOPE-RULE], meaning these dependencies must be manually audited for safety.
- [Command Execution] (MEDIUM): Provides executable shell patterns for project setup and running a development server.
  - Evidence: `npx degit Ripple-TS/ripple/templates/basic my-app` and `npm run dev` in SKILL.md.
Recommendations
- AI detected serious security threats