ai-collab-dev
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected during the audit. The skill consists of helper scripts for local file management and project scaffolding.
- [COMMAND_EXECUTION]: The skill provides bash scripts (
chunk-conversation.sh,setup-ralph-project.sh,validate-todo.sh) that perform file operations, directory creation, and text processing. These actions are aligned with the skill's stated purpose of managing development workflows. - [DYNAMIC_EXECUTION]: The
setup-ralph-project.shscript dynamically creates a project environment, including a Python runner (ralph-loop.py) with execution permissions. It also attempts to integrate with theralph-wiggum-loopskill by copying existing templates from local paths if available. - [INDIRECT_PROMPT_INJECTION]: The skill processes external text files (AI conversation logs) through
chunk-conversation.sh. - Ingestion points:
scripts/chunk-conversation.shreads content from a user-specified input file for splitting. - Boundary markers: Messages are delineated by standard prefixes such as
Human:,User:, orMe:. - Capability inventory: The skill is primarily a text-processing and scaffolding tool; command execution is limited to the provided scripts and the generated project runner which is intended for local use.
- Sanitization: No sanitization is performed on the input conversation text as it is intended for manual transfer by the developer.
Audit Metadata