cancel-ralph
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The usage documentation instructs users to execute the PowerShell script using the
-ExecutionPolicy Bypassflag. This is a technique used to circumvent local security restrictions that prevent the execution of unsigned or restricted scripts. - [COMMAND_EXECUTION]: The script uses
Remove-Item -Forceon a path that can be overridden by the agent via the--state-fileparameter. The script lacks validation to ensure the path resides within a safe or expected directory, creating a risk of arbitrary file deletion if the agent is misdirected. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through its combined ability to read data from external files and perform destructive file system operations.
- Ingestion points: Reads state data from
.claude/ralph-loop.local.mdor a user-specified path inscripts/cancel-ralph.ps1. - Boundary markers: Absent in both the script logic and the agent instructions.
- Capability inventory: Includes file reading (
Get-Content) and file deletion (Remove-Item) inscripts/cancel-ralph.ps1. - Sanitization: Uses
-LiteralPathto prevent parameter injection into the cmdlet, but does not implement a sandbox or allow-list for the directory paths being accessed.
Audit Metadata