ralph-promax
Fail
Audited by Snyk on Feb 23, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt requires the agent to read actual code, environment and config files and to produce concrete PoCs and exploit steps, which can force inclusion or exposure of verbatim secrets (env vars, SSH keys, tokens) in outputs unless redaction is explicitly enforced.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs system-level reconnaissance and an "EXPLOIT: Attempt to exploit if vulnerability found" step (plus automated file-modifying/reporting actions), which directs the agent to perform actions that can alter system state or lead to privilege escalation, even though it does not mention "sudo" or user creation.
Audit Metadata