skills/zereight/gitlab-mcp/ralph/Gen Agent Trust Hub

ralph

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill architecture exhibits a surface for indirect prompt injection where malicious instructions embedded in processed data could influence agent behavior.
      • Ingestion points: The skill ingests untrusted data from user-provided task descriptions and reads instructions from the .omc/prd.json file (SKILL.md).
      • Boundary markers: Absent. The instructions do not define delimiters or specific constraints to prevent the agent from obeying embedded commands within the PRD stories or criteria.
      • Capability inventory: The skill has the capability to delegate tasks to an @executor (which can perform arbitrary code or command execution) and update project files via omg_update_story (SKILL.md).
      • Sanitization: Absent. There is no evidence of input validation, filtering, or sanitization of the content retrieved from the PRD before it is used to drive the implementation loop.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 10:25 AM