lfg
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill uses strong imperative language ("Run these slash commands in order. Do not do anything else.") and a loop command ("/ralph-wiggum:ralph-loop") to constrain the agent's behavior and override typical reasoning patterns.
- [Indirect Prompt Injection] (LOW): The skill demonstrates an attack surface for indirect prompt injection by interpolating external data into highly capable tools.
- Ingestion points: User-provided
[feature description]is mapped to$ARGUMENTSinSKILL.md. - Boundary markers: No delimiters or "ignore instructions" warnings are used when interpolating
$ARGUMENTSinto the plan. - Capability inventory: The workflow includes autonomous code generation and execution (
/workflows:work), and browser-based testing (/compound-engineering:test-browser). - Sanitization: There is no evidence of input validation or escaping for the
$ARGUMENTSvariable before it is processed by the planning engine.
Audit Metadata