ralph-driven-development-linear

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The script (scripts/ralph-linear.py) builds prompts (build_prompt and build_count_prompt) that instruct the Codex agent to use Linear MCP to list and act on project issues, meaning the agent will fetch and interpret untrusted, user-generated issue content from a third‑party source (Linear).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes a default codex argument "--dangerously-bypass-approvals-and-sandbox" which explicitly instructs bypassing security/sandboxing protections and thus enables an agent to perform potentially arbitrary, state-changing actions on the host.