ralph
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a template for `ralph.sh`, which executes the `claude` CLI with the `--dangerously-skip-permissions` flag. This flag bypasses built-in safety prompts, enabling the AI to perform autonomous shell command execution. The setup instructions also include making the script executable via `chmod +x`.
- [REMOTE_CODE_EXECUTION]: The autonomous runner implements and executes code (e.g., `yarn typecheck`) based on instructions found in external PRD files, facilitating the execution of AI-generated logic in a continuous loop.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted PRD files.
  - Ingestion points: Data from markdown PRD files is converted into `prd.json` and then passed as context to the Claude CLI using the `@` file reference syntax.
  - Boundary markers: No delimiters or instructions are used to distinguish between system instructions and data ingested from external files.
  - Capability inventory: The AI is granted the ability to execute shell commands (with permissions skipped), write to the filesystem, and perform git operations.
  - Sanitization: No sanitization or validation is applied to the content of the PRD files before it is processed by the autonomous runner.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `jq` utility via the well-known Homebrew package manager if it is not already available on the system.
Recommendations
- AI detected serious security threats
Audit Metadata