ralph

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM

PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill defines a loop "contract" that instructs the agent to ignore standard task boundaries and autonomously re-run prompts until specific XML markers are detected. This overrides the agent's native completion logic and safety constraints.
  • [COMMAND_EXECUTION]: The setup-codex-hook.sh script executes automated filesystem operations and a Python-based configuration modifier to inject persistent instructions into the user's ~/.codex/config.toml file, altering the agent's global behavior.
  • [EXTERNAL_DOWNLOADS]: The skill documentation directs users to install an extension from an external GitHub repository (github.com/gemini-cli-extensions/ralph) that is not associated with a trusted vendor or well-known service.
  • [REMOTE_CODE_EXECUTION]: The recommended installation command for the Gemini CLI employs an --auto-update flag with a remote GitHub URL from an untrusted source. This configuration allows for the automatic execution of remote code updates on the host system without manual verification.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 06:39 AM