ralph-wiggum-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow and configuration explicitly reference installing and loading third‑party plugins from public registries (ralph.yaml plugin registry entries and the "python ralph-loop.py plugin install" CLI) and include an optional "researcher" sub-agent that uses online sources (e.g., "perplexity-online") and an OpenCode server tool to "fetch docs", meaning the agent is expected to fetch and ingest public GitHub/online content (user-generated/untrusted) that can change behavior at runtime.