ralph-plan

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (PRDs, project policies, and related artifacts) to generate planning output, creating a surface for indirect prompt injection.
    - Ingestion points: The workflow in SKILL.md identifies that the agent reads project PRDs and policies.
    - Boundary markers: No explicit delimiters or instructions are provided to distinguish between the agent's instructions and the content of the processed PRDs.
    - Capability inventory: The skill is restricted to reading and writing local project documentation (Markdown and JSON). It does not contain capabilities for shell execution, network access, or sensitive file exposure.
    - Sanitization: No sanitization or validation logic is present to filter malicious instructions embedded within the ingested data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 06:10 AM