prp-ralph-loop

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes instructions from external state and plan files (.claude/prp-ralph.state.md and files at plan_path) without sanitization or explicit boundary markers, creating a surface for indirect prompt injection. The agent's ability to execute shell commands and modify project documentation (CLAUDE.md) increases the potential impact of such an injection. Evidence Chain:
    1. Ingestion points: .claude/prp-ralph.state.md and plan files from plan_path.
    2. Boundary markers: Absent.
    3. Capability inventory: Shell execution (npm, bun, uv, git), file-write (CLAUDE.md, AGENTS.md, state files).
    4. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands for validation, including bun run, npm run, npx tsc, and uv run. These tools are standard for the skill's intended primary purpose, but they constitute an execution capability that external data read from the loop state can trigger.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 01:53 PM