ralph-review
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses local development tools (`git`, `jq`) and a task manager (`bd`) to inspect the current project state. All operations are confined to the local file system and repository metadata.
- [INDIRECT_PROMPT_INJECTION]: The skill processes content from local files (`ralph-plan.md` and referenced plan documents) and passes them to a subagent context, which presents a surface for indirect prompt injection.
  - Ingestion points: The file `.llmtmp/ralph-plan.md` and variable file paths parsed from the `plan documents:` line within that file.
  - Boundary markers: Absent. The skill does not use specific delimiters or instructions to the subagent to ignore potentially malicious content within the ingested files.
  - Capability inventory: The skill executes local shell commands using `git`, `bd`, and `jq` for task management and repository inspection. It has no built-in network or credential access capabilities.
  - Sanitization: None. The skill reads file content and relays it verbatim to the subagent's context without filtering or escaping.
Audit Metadata