ralphmode
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill recommends using CLI flags that explicitly disable or bypass platform security sandboxes and manual approval prompts, such as `--dangerously-skip-permissions` for Claude Code, `--dangerously-bypass-approvals-and-sandbox` for Codex CLI, and `--yolo` for Gemini CLI.
- [PROMPT_INJECTION]: Contains instructions directed at the agent to operate in 'bypass' or 'YOLO' modes, which are intended to override the default safety and approval constraints of the host platform.
- [COMMAND_EXECUTION]: Instructs the user to create and execute local shell scripts (`ralph-safety-check.sh` and `ralph-tier1-check.sh`) as pre-execution safety hooks. These scripts process tool inputs using python3 logic to enforce custom security boundaries.
Audit Metadata