ralph
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted text to create a task file for an autonomous agent, creating a risk that malicious instructions within a PRD could be executed.
  * Ingestion points: Processes user-supplied 'PRD (markdown file or text)' as the primary input.
  * Boundary markers: Absent. There are no instructions to the agent to treat the PRD content strictly as data or to ignore embedded instructions.
  * Capability inventory: The skill defines logic for reading and writing files (prd.json, progress.txt) and managing directories (archive/).
  * Sanitization: Absent. No validation or sanitization of the PRD content is performed prior to conversion.
Audit Metadata