pipeline
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill manages a context that accumulates artifacts from prior stages and passes them to future stages. This mechanism creates a surface for indirect prompt injection, as malicious data produced in an early stage (like team-exec) could influence the agent's logic in later stages (like ralph-verify).\n
- Ingestion points: Artifacts are accumulated in the StageContext described in SKILL.md and carried across stages.\n
- Boundary markers: There are no documented boundary markers or instructions to ignore instructions within the artifacts passed through the context.\n
- Capability inventory: The skill is capable of writing local state files via state_write and executing worker processes via the Codex CLI.\n
- Sanitization: No data validation or sanitization process for stage artifacts is mentioned in the orchestration documentation.
Audit Metadata