plan
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill follows safety practices by incorporating human-in-the-loop checkpoints and expert validation.
- [COMMAND_EXECUTION]: The skill identifies and delegates execution tasks to specialized agents ($ralph, $team) rather than executing code directly. These transitions occur only upon user approval or explicit command.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted codebase data and user input. 1. Ingestion points: 'explore' agent (reads codebase files), user input via 'AskUserQuestion'. 2. Boundary markers: Absent (no explicit delimiters mentioned for processed content). 3. Capability inventory: Invokes external execution agents '$ralph' and '$team' which possess code execution capabilities. 4. Sanitization: No explicit sanitization or filtering logic is mentioned for gathered facts. This risk is mitigated by the multi-step consensus workflow involving Architect and Critic reviews before final output.
Audit Metadata