ralph-dogfooding

Fail

Audited by Snyk on Feb 25, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to request and then enter user credentials/OTP via browser_fill (and references a Linear team key), which requires the LLM to handle and include secret values verbatim in its actions/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to use Playwright MCP to navigate, snapshot, and interact with the target URL and core routes (see SKILL.md "Explore core routes via Playwright MCP" and the build_prompt in scripts/ralph-dogfooding.sh which takes a user-supplied --url), so it will ingest and act on arbitrary web/app content that could contain untrusted instructions.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 25, 2026, 02:24 PM