ralph-it

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches a PRD GitHub issue using the gh CLI and parses issue body and PR bodies/comments (user-generated content on GitHub) as part of its required workflow to choose and implement the next story, so untrusted third-party content can directly influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches and parses a GitHub PRD issue at runtime (e.g. a GitHub issue URL like https://github.com///issues/) via the gh CLI and uses that external content to determine and drive the agent's implementation steps, so the external URL directly controls the agent's prompts/actions.