ralph-claude-code-autonomous-development
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning and executing an installation script from an external, non-whitelisted GitHub repository (github.com/frankbria/ralph-claude-code.git).
- [REMOTE_CODE_EXECUTION]: The uninstallation instructions recommend a highly insecure pattern of piping a remote script directly into a shell interpreter:
  curl -sL https://raw.githubusercontent.com/frankbria/ralph-claude-code/main/uninstall.sh | bash
- [PROMPT_INJECTION]: The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: It ingests untrusted external data via ralph-enable --from github (fetching issues) and ralph-import (reading PRDs or requirement files).
  - Boundary markers: The provided templates do not specify robust boundary markers or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The skill has extensive capabilities, including executing shell commands (Bash tool), editing files (Edit tool), and managing project structures, all within an autonomous loop.
  - Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent to determine the next development steps.
- [COMMAND_EXECUTION]: The skill's core functionality involves autonomous execution of shell commands provided by the AI agent, which is controlled by a configuration file (.ralphrc) that can be modified to allow arbitrary command execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/frankbria/ralph-claude-code/main/uninstall.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata