ralph-graceful-exit

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [Command Execution] (MEDIUM): The skill defines a PostToolUse hook that executes $HOME/.claude/hooks/ralph-activity-log.sh whenever the Bash tool is used. This involves executing an external script located in the user's home directory which is not part of the skill's own package, presenting a risk of executing unverified code.
  • [Data Exposure & Exfiltration] (LOW): The skill accesses ~/.ralph-state/activity.log. While this is intended for state tracking, it establishes a pattern of reading from hidden directories in the user's home folder, which could contain sensitive command history.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from ~/.ralph-state/activity.log and fix_plan.md to make decisions about agent exit conditions.
      • Ingestion points: Read via grep and file system checks.
      • Boundary markers: None; the skill searches for raw strings like 'done' or 'complete'.
      • Capability inventory: Can execute Bash commands and recommend agent termination (<promise>DONE</promise>).
      • Sanitization: No sanitization is performed on the content of the logs or the fix plan before it influences the exit logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 04:46 AM