Ralph Loops

This skill is classified as suspicious due to its reliance on `--dangerously-skip-permissions` for the Claude CLI, which grants the AI agent full system access, bypassing all built-in safeguards. Additionally, the `scripts/ralph-loop.mjs` script includes a `checkCmd` argument that allows arbitrary command execution via `execSync`, creating a direct command injection vector if the agent's arguments can be manipulated. The skill also instructs the agent to perform `git push` operations and use the `browser` tool to open URLs (e.g., `browser action=open targetUrl="http://localhost:PORT"`), which are powerful capabilities that, while intended for development, significantly increase the attack surface for prompt injection or misuse. These risky capabilities are present in `SKILL.md`, `scripts/ralph-loop.mjs`, `templates/loop.sh`, and `templates/PROMPT_build.md`.