ralph
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill executes shell commands (e.g., npm run test, git commit) based on the ralph.json configuration. This behavior is expected for its stated purpose of automating software development tasks.
- [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface where instructions embedded in processed data could override agent behavior.
  - Ingestion points: The agent reads and processes prd.json, progress.json, and markdown files located in /tasks/.
  - Boundary markers: Absent. There are no instructions to the agent to treat the content of these files as data only or to ignore embedded natural language instructions.
  - Capability inventory: The skill allows the agent to run subprocesses via npm, perform file writes, and create new sessions using the /new command.
  - Sanitization: Absent. The skill does not implement any escaping, validation, or filtering of the task descriptions or user stories before they are used to influence the agent's next session context.
Audit Metadata