ralplan
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface (Category 8) detected where untrusted user input is used to drive a multi-agent planning and execution workflow.
  - Ingestion points: The task description argument in SKILL.md is the primary entry point for untrusted data.
  - Boundary markers: The task description is interpolated into the workflow context without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can invoke the team and ralph skills (documented in SKILL.md) which are capable of code and command execution.
  - Sanitization: No sanitization, validation, or filtering of the user-supplied task description is mentioned or enforced within the instructions.