ralph-new

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill contains high-risk patterns — it mandates autonomous execution of fetched/generated code (including PowerShell with ExecutionPolicy Bypass), reads user documents and external URLs, copies and runs local scripts, installs packages, and runs indefinite automated loops that can modify the filesystem, commit changes, and execute arbitrary commands, enabling remote code execution, persistence, and potential data exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and fetches arbitrary URLs with WebFetch and reads those documents (Step 1.1 and Step 1.2), and also pulls public documentation/templates via WebFetch or raw.githubusercontent.com (Step 2.2 and the templates download), so the agent will ingest untrusted user-provided or public web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to download project templates (including scripts) from https://raw.githubusercontent.com/kroegha/Ralph-Skill/main/templates/, which could supply shell/PowerShell scripts that the skill then copies and automatically executes (remote code execution dependency).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs autonomous, persistent execution of system commands that modify the host (copying files, chmod, initializing databases, running scripts) and even includes privileged package installation via "sudo apt install", which directs the agent to change system state and obtain elevated privileges.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 02:29 AM