ralph
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempt to override agent behavior, bypass safety filters, or extract system prompts.
- Data Exposure & Exfiltration (SAFE): The skill only interacts with local project files (e.g., prd.json, progress.txt) for archiving and formatting. No sensitive system paths (~/.ssh, ~/.aws) or network operations (curl, fetch) were detected.
- Indirect Prompt Injection (SAFE):
- Ingestion points: The skill processes external PRD content (markdown/text) provided as input.
- Boundary markers: No specific delimiters or safety warnings for input data are defined.
- Capability inventory: Capabilities are restricted to local file writing and directory creation. No shell execution or dynamic code evaluation.
- Sanitization: Not explicitly defined, but the output is restricted to a structured JSON schema, which limits the impact of malicious content.
- Remote Code Execution & Dependencies (SAFE): No external Python or Node.js packages are required. No remote scripts are downloaded or executed.
- Persistence & Privilege Escalation (SAFE): The skill does not attempt to modify system startup scripts, shell profiles, or acquire elevated permissions (sudo).
Audit Metadata