ralph-verify-acceptance-criteria

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands and project scripts to perform verification, specifically using bun run lint for typechecking, bun run tf:plan:staging for infrastructure planning, and ./skills/dev-browser/server.sh for browser testing.
  • [CREDENTIALS_UNSAFE]: The skill is designed to access local environment variables (DEV_DEMO_EMAIL, DEV_DEMO_PASSWORD) from the .env file for automated authentication and relies on AWS credentials for executing Terraform plan operations.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it determines its verification strategy from the contents of the scripts/ralph/prd.json file.
      • Ingestion points: The scripts/ralph/prd.json file, specifically the userStories array and its acceptance criteria strings.
      • Boundary markers: No delimiters, and no instructions to disregard instructions embedded in the data, are used during processing.
      • Capability inventory: The skill can execute subprocesses (via bun and bash), read and write project files, and perform browser-based visual verification.
      • Sanitization: The skill does not validate or sanitize the strings found in the PRD before classifying them into verification strategies.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 07:25 PM