autodev

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE; findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell-based operations to manage repository state, initialization, and test execution. It utilizes a platform-specific session hook (~/.claude/hooks/ralph-loop.sh) to maintain persistence and automatically restart the agent session until all tasks are marked complete.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it implements instructions found in external task files.
    1) Ingestion points: Task content is read from the file path provided in the 'prd' parameter (e.g., PRD.md).
    2) Boundary markers: Absent; there are no delimiters or specific warnings to ignore instructions embedded within the task descriptions.
    3) Capability inventory: The skill employs the Read, Write, Edit, Bash, Grep, Glob, and Agent tools as defined in SKILL.md.
    4) Sanitization: Absent; the skill does not validate or filter the ingested task descriptions before planning or implementing changes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 01:46 AM