ralph-invoke
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill directs the agent to execute a shell script from a plugin cache directory ($HOME/.claude/plugins/cache/claude-code-plugins/ralph-wiggum/1.0.0/scripts/setup-ralph-loop.sh). This script manages the state and logic for autonomous loops.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the ralph-wiggum@claude-code-plugins plugin. This source is not part of the trusted organizations list, making the downloaded scripts unverifiable.
- PROMPT_INJECTION (LOW): The TASK_DESCRIPTION parameter is interpolated into a bash command and subsequently becomes the core context for the autonomous loop. Ingestion points: TASK_DESCRIPTION variable in SKILL.md. Boundary markers: Absent. Capability inventory: Bash execution, Read tool, and prompt re-injection. Sanitization: No evidence of escaping or validation.
- AUTONOMY_RISK (MEDIUM): The skill implements a persistence-like mechanism where 'Stop hooks' are intercepted to re-inject prompts, preventing the agent from exiting until a specific promise is met. This can lead to rapid token consumption and significant financial costs as acknowledged in the documentation.
Audit Metadata