ralph-loop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection via its autonomous execution loop.
- Ingestion points: The skill consumes task descriptions from the TodoWrite tool or data structure.
- Boundary markers: No delimiters or instructions are provided to distinguish task data from executable instructions.
- Capability inventory: Step 5 ('Execute the task') grants the agent permission to perform any action defined in a task, potentially leveraging the agent's full toolset (e.g., shell access, file writes) based on untrusted input.
- Sanitization: There is no logic provided to sanitize or validate the content of the tasks before they are executed by the agent.
Audit Metadata