ralph-loop

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the ralph-cli tool directly from a personal GitHub repository (https://github.com/mikeyobrien/ralph-orchestrator) using cargo install.
  • [COMMAND_EXECUTION]: The skill makes extensive use of local command execution, including tmux for session management, git for status monitoring, and the ralph CLI for running the orchestration loops.
  • [PROMPT_INJECTION]: The skill is designed to manage autonomous agents that communicate through shared markdown files, creating a surface for indirect prompt injection.
  • Ingestion points: Agents consume context from .kiro/specs/*/requirements.md, .ralph/agent/scratchpad.md, and .ralph/agent/memories.md.
  • Boundary markers: The instructions for the 'planner', 'builder', and 'reviewer' roles do not define clear boundary markers or explicit safety instructions to distinguish between trusted commands and data within the coordination files.
  • Capability inventory: The system has capabilities to execute shell commands, perform Git operations, and modify the project's file system through the ralph tool and the builder's instructions.
  • Sanitization: No sanitization or validation of the content within the requirements or scratchpad files is implemented before they are processed by the LLM agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:37 PM