ralph
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the PRD files it processes.
- Ingestion points: The agent loads a PRD file based on user input (Step 1 in SKILL.md).
- Boundary markers: There are no explicit delimiters or specific instructions to the agent to disregard natural language commands or malicious instructions embedded within the PRD file content.
- Capability inventory: The skill is capable of performing filesystem modifications to codebase files (Step 4) and executing shell commands to run 'Quality Gates' defined in the document headers (Step 5).
- Sanitization: No sanitization, escaping, or validation of the PRD content or the 'Quality Gate' commands is mentioned or implemented before the agent acts on them.
Audit Metadata