Plugin Settings

Pass

Audited by Gen Agent Trust Hub on Jun 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documents an iterative task loop pattern (referred to as the 'Ralph Wiggum' pattern) that reads instructions from a project-local file and feeds them directly back to the agent as system prompts.
      • Ingestion points: Markdown body content from .claude/ralph-loop.local.md and other .local.md files.
      • Boundary markers: Absent; the entire extracted markdown body is used as the next prompt.
      • Capability inventory: The skill uses shell utilities (sed, awk, grep), interacts with terminal multiplexers via tmux send-keys, and manipulates agent session flow through jq output.
      • Sanitization: The documentation recommends using jq --arg for safe JSON construction, which mitigates injection into the tool output, but the pattern itself remains a surface for indirect instructions.
  • [EXTERNAL_DOWNLOADS]: Technical references in the skill suggest the installation of the yq utility via package managers (e.g., brew install yq) to handle complex configuration parsing.
  • [COMMAND_EXECUTION]: Utility scripts and documentation provide bash examples for parsing files. Some examples use string interpolation within shell commands, which could be sensitive to malformed local file content, although the skill generally advocates for safer alternatives like jq.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 1, 2026, 11:22 AM