visual-ralph
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute local project commands, including package manager scripts (npm, yarn, pnpm), build processes, and linting/testing suites. It also requires the execution of a screenshot command to capture the current state of the UI for automated visual comparison.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the capture of visual references from external live URL targets. This involves accessing remote web content to establish a baseline for UI cloning or migration tasks.
- [PROMPT_INJECTION]: The skill is designed to ingest and process content from external URLs and user descriptions, which represents an indirect prompt injection surface.
- Ingestion points: External URLs and user-supplied descriptions in SKILL.md.
- Boundary markers: The workflow mentions documentation of viewports and interaction notes, but lacks explicit boundary markers or instructions for the agent to ignore instructions embedded within the processed external content.
- Capability inventory: The skill orchestrates file system modifications via Ralph, command execution for builds/tests, and network access for URL capture.
- Sanitization: There is no mention of sanitization or filtering for content retrieved from external URLs.
Audit Metadata