autopilot

Warn

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed for autonomous execution of the software lifecycle. In Phase 3 (QA), it is instructed to 'build, lint, test, and fix failures,' which involves running arbitrary shell commands and subprocesses on code generated by the agent. This high level of autonomy in executing generated code presents a risk if the generated code contains unintended or malicious instructions.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8). It ingests user ideas, task statements, and product descriptions to generate technical specifications and implementation plans.
    ◦ Ingestion points: User-provided 'product ideas' and 'task statements' are processed in Phase 0 and Phase 1 to define the scope and technical design of the project.
    ◦ Boundary markers: The instructions do not specify the use of delimiters or boundary markers to isolate user-provided input from the agent's internal logic or code generation instructions.
    ◦ Capability inventory: The skill has extensive capabilities, including creating implementation plans, using the 'Ralph' tool for coding, performing build/test operations, and modifying files in the local environment.
    ◦ Sanitization: There is no mention of input sanitization or validation of the requirements before they are expanded into technical specifications and code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 6, 2026, 05:06 PM