ralph-loop

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PERSISTENCE_MECHANISMS]: The skill's primary orchestration mode involves registering a 'Stop hook' in the agent's configuration, which executes a local script automatically whenever the agent attempts to exit or complete a task. This creates a persistent execution loop that remains active across sessions.
  • [INDIRECT_PROMPT_INJECTION]: The autonomous architecture is designed to read the agent's own transcript and re-inject prompts to drive the next iteration. This mechanism is susceptible to indirect prompt injection if malicious instructions are present in the data the agent processes, as those instructions would be captured in the transcript and fed back into the agent's context.
  • [DYNAMIC_EXECUTION]: The post-execute hook file uses relative path traversal to dynamically load an external module from the project's observability tools directory. This dependency on external file structures and dynamic loading poses a minor risk if the directory structure is manipulated.
  • [COMMAND_EXECUTION]: The skill provides templates for shell scripts intended to set environment variables and launch the agent. It also specifies the use of powerful tools like Bash, Write, and Edit to manage the iteration state and perform automated audits.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 11:43 PM
Security Audit — agent-trust-hub — ralph-loop