ralph-driven-development-linear
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill utilizes a default configuration, --codex-args 'exec --dangerously-bypass-approvals-and-sandbox'. This explicitly disables the security protections of the underlying execution engine, allowing any command or script generated from task data to run with the full privileges of the user.
- [PROMPT_INJECTION] (HIGH): This skill is highly vulnerable to Category 8 (Indirect Prompt Injection). It processes untrusted external data (Linear issues) and executes it in a high-privilege environment.
  - Ingestion points: Untrusted content is fetched from Linear project issues via the Linear MCP.
  - Boundary markers: There are no boundary markers or instructions provided to the agent to ignore or isolate instructions found within the project issues.
  - Capability inventory: The skill has the capability to execute code on the system via the codex executable with its sandbox disabled.
  - Sanitization: The skill lacks any mechanism to sanitize or validate the content of the issues before execution.
Recommendations
- AI detected serious security threats
Audit Metadata