ralph
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the execution of system commands for verification and setup, including npm test, npm run build, pip install, and docker build.
- [EXTERNAL_DOWNLOADS]: The skill includes functionality to invoke a $web-clone tool which retrieves content from external URLs provided in user prompts.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the processing of untrusted external web content.
  - Ingestion points: Untrusted data enters via user-provided URLs processed by the $web-clone tool in Step 5 (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined for the fetched content.
  - Capability inventory: The skill possesses the ability to execute package manager commands and delegate to high-tier specialist agents (SKILL.md, Execution Policy).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external sources before it influences agent actions.
Audit Metadata