skills/team-attention/hoyeon/ralph/Gen Agent Trust Hub

ralph

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform file system operations, such as creating directories and writing 'Definition of Done' files in the $HOME/.hoyeon/ session path. It also interacts with the hoyeon-cli tool to manage session state. These operations are restricted to the platform's designated session directories.
  • [PROMPT_INJECTION]: The skill captures the user's initial request and re-injects it into the agent's context during iterative loops to maintain task focus. This mechanism constitutes an indirect prompt injection surface.
      • Ingestion points: User's original prompt is captured and stored in Phase 1, Step 3.
      • Boundary markers: The prompt is stored using single-quoted heredocs ('PROMPTEOF') and handled via jq to ensure safe JSON formatting and prevent shell injection.
      • Capability inventory: Access to Bash, Write, Edit, and the Agent tool for spawning sub-agents.
      • Sanitization: The implementation ensures safe storage and handling of the input string, although it does not filter the natural language content of the user's prompt itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 11:01 AM