ralph-tdd
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The Ralph loop explicitly instructs the agent to "Check [BACKLOG SOURCE]", and both the SKILL.md and the script PROMPT reference reading external backlog sources such as GitHub Issues or Linear (user-generated, third-party content) to pick tasks and drive implementation. Untrusted backlog content can therefore directly influence the agent's decisions and tool actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly recommends running agents in "full-auto" modes (flags like --dangerously-skip-permissions / --approval-mode full-auto) and instructs autonomous AFK execution of shell scripts and installs. This encourages an agent to run arbitrary commands that could modify system state, even though the skill does not explicitly request sudo, system file edits, or user creation.