ralph-init
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by design. \n- Ingestion points: The skill accepts a 'project or feature description' as untrusted input from the user. \n- Boundary markers: There are no defined delimiters or 'ignore' instructions in the SKILL.md to separate user-provided content from the PRD structure. \n- Capability inventory: The skill is capable of writing content to the local filesystem at
.omc/plans/prd-{slug}.md. \n- Sanitization: No sanitization or validation of the input description or the resulting 'slug' is mentioned, which could lead to instruction injection or unexpected file locations.
Audit Metadata