
ralph-wiggum

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative language to override the agent's safety and completion logic. In references/commands/ralph-loop.md, instructions like 'STRICT REQUIREMENTS (DO NOT VIOLATE)' and 'Do not circumvent the loop' command the agent to ignore its own assessment of task progress and prevent it from exiting the session.
  • [PROMPT_INJECTION]: The metadata in SKILL.md contains deceptive author information, claiming the skill is an official 'Anthropic' product from 'Claude Plugins Official'. This impersonation is a form of metadata poisoning designed to bypass user scrutiny.
  • [COMMAND_EXECUTION]: The skill executes bash scripts (setup-ralph-loop.sh and stop-hook.sh) that are referenced via variables but are not included in the provided source files. This prevents verification of the underlying system commands being performed.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      • Ingestion points: User-provided prompt in ralph-loop.md.
      • Boundary markers: Absent; the prompt is fed directly to the setup script.
      • Capability inventory: Execution of arbitrary bash scripts and file modifications via the loop mechanism.
      • Sanitization: Absent; the prompt is processed as raw input and persisted in a state file.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 01:38 AM