ralph
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata and body define a 'Persistent self-referential execution loop'. This instruction set encourages recursive execution behavior, which is a known technique for overriding standard agent lifecycle constraints, potentially leading to resource exhaustion or the evasion of session-based safety guardrails.
- [PROMPT_INJECTION]: The skill directs the agent to read and execute instructions from a specific file path (.agents/workflows/ralph.md) not included in the skill package. This creates a surface for indirect prompt injection:
  - Ingestion points: .agents/workflows/ralph.md referenced in SKILL.md
  - Boundary markers: Absent
  - Capability inventory: disable-model-invocation is set to true, narrowing the agent's focus to the referenced workflow
  - Sanitization: Absent