ralph-loop

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The Invoke-OpenEngine function in scripts/ralph-loop.ps1 executes an external binary using the PowerShell call operator (&). This binary path is determined by the $openBinary variable, which can be directly controlled by an attacker via the --open-binary command-line argument, potentially leading to arbitrary command execution.
  • [COMMAND_EXECUTION]: The skill includes logic to locate and execute a secondary script (cancel-ralph.ps1) when the --stop flag is provided. The path to this script is constructed using the CODEX_HOME environment variable, which could be manipulated to execute a malicious script from an unexpected location.
  • [EXTERNAL_DOWNLOADS]: The instructions and script error messages promote the installation and use of the @th0rgal/ralph-wiggum package from the NPM registry. This is a third-party dependency from an unverified source that is critical to the 'open' engine's functionality.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 02:49 PM