ralph-prd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill processes user-supplied task descriptions to generate PRDs. While it lacks explicit boundary markers for this untrusted data, the risk is mitigated by the local scope of operations and the absence of exfiltration capabilities.
  - Ingestion points: Task strings passed to the /ralph-prd command (SKILL.md).
  - Boundary markers: Absent in the workflow description.
  - Capability inventory: Bash, Write, Read, Grep, Glob (SKILL.md).
  - Sanitization: Not explicitly defined for the interpolation of task descriptions.
- [Command Execution] (SAFE): The skill is granted Bash access. Analysis of the workflow indicates this is intended for legitimate file system management, such as creating the .ralph/ directory and validating JSON structures.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or access to sensitive paths (like ~/.ssh or .env) were found. The skill operates within a local .ralph/ directory for task tracking.
- [Remote Code Execution] (SAFE): No external script downloads or execution of remote packages were detected. Dependencies are limited to internal agents (prometheus, metis).
Audit Metadata