ralph
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's installation step uses a remote GitHub extension URL (https://github.com/gemini-cli-extensions/ralph) which, when installed/updated, fetches and runs extension code that implements the AfterAgent hook and directly controls the agent's prompt/loop behavior, making it a required external dependency that affects runtime control.
Audit Metadata