ralph-wiggum-loop

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The execution engine in scripts/ralph-loop-example.py uses Python's subprocess module to invoke the platform's opencode tool and git. The calls pass list-based argument vectors rather than shell strings, so no shell re-parses the arguments and metacharacter-based command injection is ruled out. (A list form does not stop the invoked tool itself from reading a value that begins with "-" as an option, which is why git invocations conventionally separate untrusted paths with "--".) These operations are essential for running AI agents and managing version control in the development workflow.
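The distinction the finding relies on, shown as an added example (this is illustrative code, not the skill's own script): the same hostile task string passes through a list-based subprocess call as one inert argument but is re-parsed by /bin/sh when handed over as a shell string. A Python one-liner stands in for the opencode or git binary so the example runs anywhere; HOSTILE_TASK is a constructed input, and the "--" separator and the positional() guard are general hardening patterns, not something the audit says the script does or omits.

```python
"""Added example (not the skill's own code): why list-based subprocess calls resist
shell injection, and the option-injection gap that "--" closes for tools like git."""
from __future__ import annotations

import json
import subprocess
import sys

# Stand-in for a real tool such as opencode or git: a Python one-liner that prints
# its argv as JSON, so the example runs wherever Python does.
ECHO_ARGV = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]

# Constructed attacker-controlled input, e.g. a task title read from a task file.
HOSTILE_TASK = 'fix login"; echo INJECTED; echo "'


def run_list(task: str) -> list[str]:
    """List form, as the audited script uses: the task is exactly one argv entry."""
    proc = subprocess.run(ECHO_ARGV + [task], capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def run_shell(task: str) -> str:
    """Shell-string form (the insecure alternative): /bin/sh re-parses the quotes and ';'."""
    cmd = f'printf "%s\\n" "{task}"'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def git_argv(subcommand: str, pathspec: str) -> list[str]:
    """List form still lets git read a value starting with '-' as an option;
    '--' ends option parsing so the pathspec is always treated as a path."""
    return ["git", subcommand, "--", pathspec]


def positional(value: str) -> str:
    """For tools without a '--' convention, refuse option-like values outright."""
    if value.startswith("-"):
        raise ValueError(f"refusing positional argument that looks like an option: {value!r}")
    return value


if __name__ == "__main__":
    print("list form argv :", run_list(HOSTILE_TASK))
    print("shell form out :", repr(run_shell(HOSTILE_TASK)))
    print("git argv       :", git_argv("add", "--force"))
```

run_list returns the hostile string unchanged as a single element; run_shell's output contains the injected "INJECTED" line because the shell honoured the embedded quote and semicolons.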
  • [EXTERNAL_DOWNLOADS]: The initialization script scripts/generate-ralph-loop.sh creates a requirements.txt file that references standard, well-known libraries such as pyyaml, pydantic, opentelemetry, and networkx. These are reputable packages from official registries and are not in themselves a security risk; the residual supply-chain exposure lies in how they are installed, and the analysis does not record whether the generated file pins versions or hashes.
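The check a reviewer would run on such a generated file, as an added example (not the skill's generator): flag every entry that is not pinned to an exact version or that lacks a --hash, since a name-only or range specifier resolves to whatever release is newest at install time. The sample requirements text is constructed to mirror the packages the audit lists; the versions and the hash value are placeholders, not real release data.

```python
"""Added example (not the skill's generator): flag requirements.txt entries that are
not pinned to an exact version or lack a --hash."""
from __future__ import annotations

import re

# Constructed sample in the shape the audit describes; versions and the hash are
# illustrative placeholders, not real release data.
REQUIREMENTS = """\
# runtime deps for the loop script
pyyaml
pydantic>=2.0
opentelemetry-api==1.20.0
networkx==3.2.1 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

# package name, optional [extras], then the version specifier up to whitespace, ';' or '#'
_SPEC_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(?P<spec>[^\s;#]*)")


def audit_requirements(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, package, problem) for each weak entry.

    'unpinned': no exact '==' pin (ranges and wildcards resolve to whatever is newest).
    'no-hash' : pinned, but without a --hash, so a substituted wheel of that version passes.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, or a pip option line such as -r / -e
            continue
        m = _SPEC_RE.match(line)
        if not m:
            findings.append((lineno, line, "unparsed"))
            continue
        name, spec = m.group("name").lower(), m.group("spec")
        if not (spec.startswith("==") and "*" not in spec):
            findings.append((lineno, name, "unpinned"))
        elif "--hash=" not in line:
            findings.append((lineno, name, "no-hash"))
    return findings


if __name__ == "__main__":
    for lineno, name, problem in audit_requirements(REQUIREMENTS):
        print(f"line {lineno}: {name}: {problem}")
```

Run against the sample, only the networkx line passes; the others come back as unpinned or hash-less and would be the lines to tighten before trusting an "official registry" argument.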
  • [PROMPT_INJECTION]: The skill includes instructions for an 'Adversary' agent in HIERARCHICAL_AGENTS.md and PROMPT-ADVERSARY.md. While these instructions use aggressive language (e.g., 'Your sole purpose is to DESTROY the implementation'), they are clearly framed within a security testing and Red Teaming context aimed at identifying flaws in the software being developed by the other agents.
  • [DATA_EXFILTRATION]: A template for a Slack notification plugin in the generator script makes a network request to a user-provided webhook URL. This is an optional, documented feature for monitoring workflow progress and does not send sensitive data by default. Whatever the plugin posts does leave the host, and the webhook URL itself is a bearer-style secret, so the payload contents and how the URL is stored are the points to review if the plugin is enabled.
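Guardrails for an outbound notifier of this kind, as an added example (not the skill's plugin template): the URL is validated before anything is sent, the payload is a fixed status line with a bounded free-text tail, and the URL is never written to logs because its path is the secret. The allowlisted host, the MAX_DETAIL bound and the placeholder webhook path are assumptions for the example; the notify() function performs the real POST and is not exercised offline.

```python
"""Added example (not the skill's plugin template): guardrails for a Slack-style
webhook notifier: validate the user-supplied URL, send a fixed-schema payload,
and keep the URL out of logs."""
from __future__ import annotations

import json
from urllib.parse import urlparse

# Assumption for the example: only Slack incoming webhooks are acceptable targets.
ALLOWED_HOSTS = {"hooks.slack.com"}
# Chosen bound on free-text detail so stray tool output cannot leave the host wholesale.
MAX_DETAIL = 200


def validate_webhook(url: str) -> str:
    """Reject anything that is not https, on an allowlisted host, without embedded credentials."""
    p = urlparse(url)
    if p.scheme != "https":
        raise ValueError("webhook must use https")
    if p.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"webhook host not allowed: {p.hostname!r}")
    if p.username or p.password:
        raise ValueError("webhook URL must not carry credentials")
    return url


def build_payload(task_id: str, status: str, detail: str = "") -> str:
    """Fixed schema: one status line. No environment, file contents or diffs go in."""
    text = f"ralph loop task {task_id}: {status}"
    if detail:
        text += " " + detail[:MAX_DETAIL]
    return json.dumps({"text": text})


def redact_url(url: str) -> str:
    """Form to use in logs and error messages: scheme and host only, path dropped."""
    p = urlparse(url)
    return f"{p.scheme}://{p.hostname}/<redacted>"


def notify(url: str, task_id: str, status: str, detail: str = "") -> int:
    """POST the payload to a validated webhook; real network call, returns the HTTP status."""
    from urllib.request import Request, urlopen

    req = Request(
        validate_webhook(url),
        data=build_payload(task_id, status, detail).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Placeholder webhook path, constructed for the example.
    url = "https://hooks.slack.com/services/placeholder"
    print("would post to", redact_url(url), "payload:", build_payload("42", "failed", "x" * 500))
```

The validation runs inside notify() itself rather than only at configuration time, so a webhook URL swapped in later (for instance by an edited config file) is still checked on every send.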
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 02:45 PM