ralph-interrupt
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, prompt injection, or data exfiltration patterns were detected. The skill operates exclusively on local project files within a defined workflow.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection through the ingestion of project files like the constitution and policies. This is considered safe as the skill is restricted to updating project documentation and state, with no network access or code execution capabilities.
  - Ingestion points: Workflow step 2 reads constitution, runtime contract, project policy, workflow state, and spec queue files.
  - Boundary markers: No specific delimiters or instructions to ignore embedded content are defined.
  - Capability inventory: File system write access is limited to the .ralph/ and specs/ directories for updating state and creating documentation.
  - Sanitization: No explicit sanitization of ingested content is performed.
Audit Metadata