ralph-wiggum-loop
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The README and SKILL.md files explicitly instruct users to execute the loop with security bypass flags such as '--dangerously-skip-permissions' or '--yolo'. This instructs the user to disable the agent's safety sandbox, granting it unrestricted command execution capabilities while processing untrusted external data.
- [PROMPT_INJECTION] (LOW): The skill is highly vulnerable to Indirect Prompt Injection. 1. Ingestion points: The 'CODE_REVIEW_PLAN.md' file uses the 'gh' CLI to fetch raw Pull Request comment bodies from GitHub. 2. Boundary markers: The instructions do not define boundary markers or include warnings to ignore instructions embedded within the fetched comments. 3. Capability inventory: The agent is granted the ability to execute arbitrary bash commands, commit/push to git, and create GitHub issues. 4. Sanitization: No sanitization or input validation is performed on the comment content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata