ralph

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly invokes a $web-clone flow for "URL-based cloning tasks" when the task contains a target URL (e.g., "clone https://example.com"), which fetches and extracts content from arbitrary public URLs and uses that content in the extraction→generation→verification pipeline, exposing the agent to untrusted third-party content.