ralph-init
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a data ingestion surface where untrusted user input is written to a PRD file that guides subsequent agent execution. 1. Ingestion points: User-provided project or feature description in the /ralph-init command. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are mentioned. 3. Capability inventory: File creation within the .omx/plans/ directory. 4. Sanitization: No input validation or sanitization of the user description is described.
Audit Metadata