ralph
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill transforms untrusted external input (PRDs) into a structured task format (prd.json) that drives subsequent autonomous actions.
- Ingestion points: Processes arbitrary text/markdown PRDs provided by the user or external sources.
- Boundary markers: Absent; there are no instructions to the LLM to ignore or delimit embedded instructions within the PRD.
- Capability inventory: Performs file system operations (read, write, create directories) on prd.json, progress.txt, and the archive/ folder.
- Sanitization: Lacks sanitization of input content; malicious instructions in a PRD could be faithfully converted into the agent's task list.
Audit Metadata