ralph
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/setup-codex-hook.sh` executes shell commands and utilizes Python snippets to programmatically modify the user's `~/.codex/config.toml` file.
- [PROMPT_INJECTION]: The 'Ralph' mode implements a persistent loop mechanism triggered by instructions such as 'don't stop', 'must complete', and 'until it works'. This logic explicitly instructs the AI to ignore standard session exit conditions and continue iterating until a specific 'promise' token is detected or an iteration limit is reached.
- [EXTERNAL_DOWNLOADS]: The documentation directs users to install plugins and extensions from external GitHub repositories, specifically `github.com/Q00/ouroboros`, which is outside the primary vendor's trusted scope.
- [REMOTE_CODE_EXECUTION]: The Claude Code integration defined in `SKILL.md` configures hooks that execute external JavaScript files (`session-start.mjs`, `keyword-detector.mjs`, `drift-monitor.mjs`) which are not included in the provided skill files but are loaded from the plugin root at runtime.
- [REMOTE_CODE_EXECUTION]: The skill encourages installation via `npx skills add` from a remote repository, which involves downloading and executing third-party code packages.
Audit Metadata