autopilot

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE (findings tagged COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [SAFE]: The skill is a legitimate workflow automation tool. It defines a strict operational sequence and uses project-local storage for context and state tracking.
  • [COMMAND_EXECUTION]: The skill invokes other workflow phases ($ralplan, $ralph, $code-review) and utilizes the omx command-line utility for state persistence. These operations are restricted to the vendor's own ecosystem and expected developer tasks.
  • [PROMPT_INJECTION]: The skill's autonomous nature presents an indirect prompt injection surface through the ingestion of task descriptions or external issue content. However, the multi-stage architecture with a separate code-review gate mitigates this risk by ensuring implementation results are verified before completion.
  • Ingestion points: User requests, GitHub issues, and .omx/context/ files (SKILL.md).
  • Boundary markers: None explicitly identified.
  • Capability inventory: Local file writes, state management via omx CLI, and implementation execution via $ralph (SKILL.md).
  • Sanitization: None explicitly mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 03:59 AM
Security Audit — agent-trust-hub — autopilot