Trust Assessment
ralph-loop received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Unsanitized user input in generated shell commands" (critical) and "Instruction to use dangerous auto-approve flags" (high).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unsanitized user input in generated shell commands.** The skill explicitly instructs the generation of a bash script that directly incorporates and executes user-provided strings for `CLI_CMD`, `CLI_FLAGS`, `TEST_CMD`, and the content of `PROMPT.md` (which is influenced by user input) without proper sanitization or escaping. A malicious user could inject arbitrary shell commands into these variables, leading to remote code execution within the environment where the generated script is run. *Remediation:* Implement robust input sanitization and escaping for all user-provided strings (`CLI_CMD`, `CLI_FLAGS`, `TEST_CMD`) before incorporating them into the bash script. For `PROMPT.md` content, ensure the target AI CLI tool properly handles arbitrary text and does not interpret it as shell commands. Consider using `printf %q` for shell arguments or passing prompt content via stdin if the CLI supports it. | LLM | SKILL.md:112 |
| HIGH | **Instruction to use dangerous auto-approve flags.** The skill explicitly instructs the user to ask for and incorporate "auto-approve flags" such as `--dangerously-skip-permissions` (for Claude Code) or `--full-auto` (for Codex) into the generated script. While the skill notes the associated "trust + risk" and recommends sandboxing, the direct instruction to enable these flags significantly increases the attack surface and potential impact if the AI agent is compromised or generates malicious code. *Remediation:* Advise against using these flags in production or untrusted environments. If necessary, ensure they are only used within strictly isolated and ephemeral sandboxed environments with minimal access to host resources. The skill should emphasize the sandbox as a mandatory prerequisite for using such flags. | LLM | SKILL.md:40 |
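The `printf %q` remediation for the critical finding can be sketched in bash. The variable names mirror those in the finding (`CLI_CMD`, `CLI_FLAGS`); the injected payload is illustrative:

```shell
#!/usr/bin/env bash
# Illustrative values; the semicolon in CLI_FLAGS is an injection attempt.
CLI_CMD='claude'
CLI_FLAGS='--model sonnet; rm -rf /tmp/scratch'

# Unsafe: eval "$CLI_CMD $CLI_FLAGS" would execute the injected command.
# Safer: escape each value with printf %q before writing it into the
# generated script, so the shell treats it as literal words, not syntax.
SAFE_CMD=$(printf '%q' "$CLI_CMD")
SAFE_FLAGS=$(printf '%q' "$CLI_FLAGS")

echo "$SAFE_CMD $SAFE_FLAGS"
```

Note that `printf %q` protects the generated script's shell layer only; prompt content in `PROMPT.md` still needs to reach the CLI via stdin or a file argument rather than command-line interpolation.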
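The mandatory-sandbox recommendation for the high-severity finding can be sketched as a wrapper that only ever emits the auto-approve flag inside an ephemeral, network-isolated container. The image name (`agent-sandbox`) and mount layout are assumptions for illustration:

```shell
#!/usr/bin/env bash
# Build the sandboxed invocation as a template instead of running the agent
# on the host. Assumptions: an "agent-sandbox" image exists and ./workspace
# is a throwaway directory containing PROMPT.md.
SANDBOX='docker run --rm --network none -v "$PWD/workspace":/work -w /work agent-sandbox'
AGENT='claude --dangerously-skip-permissions -p "$(cat /work/PROMPT.md)"'

# The dangerous flag never appears outside the container wrapper.
echo "$SANDBOX $AGENT"
```

`--rm` discards the container after each run and `--network none` removes outbound access, so a compromised agent can at worst damage the throwaway workspace mount.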
[View the full report](https://skillshield.io/report/a10c57244e586ab7)
Powered by SkillShield