visual-ralph
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from live URLs to serve as visual references for code generation.
- Ingestion points: SKILL.md (Workflow Step 2: Establish the visual reference) specifies capturing live URLs and URL-derived reference artifacts.
- Boundary markers: Absent. There are no instructions provided to the agent to disregard or sanitize potential instructions embedded within the source web content.
- Capability inventory: The skill possesses significant capabilities, including editing workspace code, executing shell commands (via $ralph and local package scripts), and performing network operations for screenshot capture.
- Sanitization: Absent. The workflow focuses on visual parity rather than content sanitization of the source data.
- [COMMAND_EXECUTION]: The workflow requires the agent to execute arbitrary shell commands for building, linting, testing, and capturing screenshots as defined by the local repository's environment.
- Evidence: Workflow Step 1 and Step 4 instruct the agent to use local package managers and execute a "Screenshot reproduction command" provided in the handoff template.
Audit Metadata