ralph-loop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions designed to bypass agent safety filters or override core instructions were found.
- [Data Exposure & Exfiltration] (SAFE): The skill interacts with the local filesystem exclusively within the `.ralph/` directory for task state persistence. There are no patterns for accessing sensitive system files or exfiltrating data to external domains.
- [Indirect Prompt Injection] (SAFE):
  - Ingestion points: The skill ingests task content and checklist items from user input and the `.ralph/` markdown files.
  - Boundary markers: Standard markdown headers are used to structure task data, which is common practice for task management.
  - Capability inventory: Limited to writing state files to a dedicated local directory and spawning subagents using the default agent configuration.
  - Sanitization: Content is processed as structured markdown; the design assumes the agent is operating on trusted development tasks.
- [Unverifiable Dependencies] (SAFE): No external package installations or remote script downloads are performed.
- [Dynamic Execution] (SAFE): Subagent invocation uses defined tool interfaces and does not involve runtime code generation or unsafe deserialization.
Audit Metadata