ralph
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill processes untrusted external data (PRD text) which could contain malicious instructions. * Ingestion points: User-provided PRD content. * Boundary markers: Not explicitly defined. * Capability inventory: File reading/writing (prd.json) and directory management (archive/). * Sanitization: No explicit validation of the input text is defined. This surface is downgraded to SAFE as it is necessary for the skill's primary function.
- [No Code] (SAFE): The skill contains no executable scripts (Python, Node.js, or Shell) and consists entirely of markdown instructions.
Audit Metadata