super-ralph-wiggum

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains utility shell scripts (setup-ralph-loop.sh, stop-hook.sh, init-progress.sh) used to initialize and manage the autonomous loop state. These scripts perform standard file operations (reading, writing, and updating local markdown and text files) and use common system utilities like jq, sed, awk, and perl. These operations are transparent and consistent with the skill's stated purpose of loop management.
  • [PROMPT_INJECTION]: The skill's architecture for autonomous feature development and code cleaning introduces a surface for indirect prompt injection (Category 8).
    • Ingestion points: The agent is instructed to read and interpret repository content, including PRD files (prd.json), progress logs (progress.txt), and project source code, to decide on and execute its next actions.
    • Boundary markers: The provided prompt templates (such as those for feature implementation and test coverage) do not include specific delimiters or XML tagging to separate the instructions from the potentially untrusted data being processed from the codebase.
    • Capability inventory: The skill operates within the Claude Code toolset, meaning the agent can write files, execute shell commands, and perform git operations without immediate human intervention in 'AFK' mode.
    • Sanitization: The skill's scripts and templates contain no mechanism to validate or sanitize the content of the files being read before the agent processes them; the skill relies on the model's internal safety filters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 02:30 PM