ralph
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill triggers shell commands for project-specific tasks including build processes (make, npm run build), test suites (npm test), and linter diagnostics. It also utilizes the omx CLI for state management and context exploration.
- [EXTERNAL_DOWNLOADS]: The skill supports visual cloning capabilities that involve fetching and analyzing content from external URLs provided in the task description.
- [REMOTE_CODE_EXECUTION]: The skill performs automated package installations using npm, pip, and cargo, and executes test suites. These actions involve running code derived from the project's dependency manifest and source files.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its ingestion of untrusted data from codebases and remote URLs.
  - Ingestion points: Project context snapshots (.omx/context/), external target URLs for cloning (SKILL.md Step 5), and task statements.
  - Boundary markers: The skill does not explicitly define delimiters for external data within its instructions.
  - Capability inventory: The agent can execute shell commands, write to the file system (state and artifacts), and delegate tasks to other specialist agents across all scripts.
  - Sanitization: No explicit sanitization or validation of the ingested external content is described in the execution steps.
Audit Metadata