ralph-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs (Phase 1) to "use subagents to load URLs or existing docs into context for spec quality," meaning the agent will fetch and ingest arbitrary third-party URLs/documents and read them as part of its planning/spec workflow, which can expose it to untrusted user-generated content and indirect prompt injection.