ralph

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). No explicit payloads or obfuscated code are present, but the skill explicitly requires disabling the sandbox and runs arbitrary repository scripts (backgrounded bash ralph/loop.sh) and writes files that drive the build agent—behavior that enables sandbox escape, arbitrary remote code execution, and potential data exfiltration or backdoor/persistence via the repository, so it is high risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs using dangerouslyDisableSandbox: true to bypass the sandbox write allowlist so git worktree operations can write outside the safe paths, which is a direct instruction to disable a security mechanism and could enable filesystem compromise.