ralph-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly says in Phase 1 to "Use subagents to load URLs or existing docs into context for spec quality," which means the agent fetches and ingests arbitrary third‑party web content (untrusted) that it will read and use to update specs/plans and drive PLANNING/BUILDING actions.