setup-ralph-loop

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill generates automation scripts (ralph.sh, ralph-once.sh) that ingest data from an external, potentially untrusted source (GitHub issues).
      • Ingestion points: The generated scripts are instructed to "Look at the open GitHub issues" and pick tasks based on issue descriptions and comments (SKILL.md, Steps 4 and 5).
      • Boundary markers: The prompt templates provided for the generated scripts lack explicit boundary markers or instructions for the agent to ignore embedded instructions within the ingested issue text.
      • Capability inventory: The scripts invoke the claude CLI with instructions to use the /execute tool, which typically possesses file system access and subprocess execution capabilities.
      • Sanitization: No sanitization or validation logic is defined to filter malicious instructions that might be embedded in GitHub issue content processed by the automated loop.
  • [COMMAND_EXECUTION]: The skill generates and facilitates the execution of local shell scripts to manage automation loops.
      • The skill creates and makes executable ralph.sh and ralph-once.sh scripts (SKILL.md, Step 7).
      • It optionally modifies package.json to include entry points for these scripts, facilitating their invocation within the project environment.
      • While these actions are intended for infrastructure setup, they establish a mechanism for running dynamically generated logic that acts on external inputs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 02:06 AM
Security Audit — agent-trust-hub — setup-ralph-loop