ralph-install

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones a remote repository from 'https://github.com/tolulawson/ralph-harness' to obtain installation scaffolds.
  • [REMOTE_CODE_EXECUTION]: The workflow explicitly instructs the agent to read 'INSTALLATION.md' from the remote repository and follow it as the 'authoritative install workflow'. Delegating control to a remote, unversioned file allows arbitrary instructions or commands defined outside the audited skill files to be executed.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting and obeying instructions from external files.
    • Ingestion points: 'INSTALLATION.md' and manifest files from the 'tolulawson/ralph-harness' repository.
    • Boundary markers: None identified; instructions are treated as authoritative without delimiters.
    • Capability inventory: The agent is authorized to clone repositories and perform installation tasks (file system writes) based on remote content.
    • Sanitization: No validation or sanitization of the remote instructions is performed.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 9, 2026, 10:01 AM