ralpher-cli
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation of the
ralpher-clitool by executing a remote script directly in the shell:curl -fsSL https://raw.githubusercontent.com/pablozaiden/ralpher/main/install.sh | sh. This script is hosted on the skill author's GitHub repository and represents the standard installation procedure for the service. - [EXTERNAL_DOWNLOADS]: The skill references and downloads the installation script and future updates from the author's GitHub infrastructure (
github.com/pablozaiden). - [COMMAND_EXECUTION]: The skill is centered around executing shell commands to interact with a Ralpher server, including discovering APIs, checking status, and managing websocket streams.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection due to its handling of data from external sources.
- Ingestion points: Remote data enters the system through API responses fetched by
ralpher-cli apiand event streams fromralpher-cli ws(SKILL.md, REFERENCE.md). - Boundary markers: There are no specific delimiters or instructions present to prevent the agent from following directions potentially embedded in external data.
- Capability inventory: The skill allows for shell command execution and network requests via the Ralpher CLI tool.
- Sanitization: The instructions indicate that the tool validates JSON payloads, but no specific sanitization of retrieved data content is mentioned.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/pablozaiden/ralpher/main/install.sh - DO NOT USE without thorough review
Audit Metadata