ralph
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (PRDs) into structured JSON without sanitization, creating an attack surface for indirect prompt injection.
- Ingestion points: Markdown-formatted PRD files or text input (documented in 'The Job' section of SKILL.md).
- Boundary markers: Absent. No delimiters or instructions are provided to the agent to distinguish between PRD data and potential instructions.
- Capability inventory: The skill utilizes 'Read' and 'Write' tools to modify the local filesystem, including writing 'prd.json' and managing an 'archive/' directory.
- Sanitization: Absent. Content from the PRD is directly mapped to JSON fields like 'description' and 'userStories'.
Audit Metadata