
Security: joserprieto/ralphy-looper


SECURITY.md

Security Policy

Supported Versions

Version   Supported
0.7.x
< 0.7

Reporting a Vulnerability

Please do NOT open public issues for security vulnerabilities.

Use one of these private channels:

  1. GitHub Security Advisories (preferred) — Report via Private vulnerability reporting in this repository's Security tab.
  2. Email — Send details to hi@joserprieto.es.

What to expect

Step                 Timeline
Acknowledgment       Within 48 hours
Initial triage       Within 7 days
Fix or mitigation    Within 90 days

We will coordinate disclosure with you. If you do not receive acknowledgment within 48 hours, please follow up via the other channel.

Scope

Ralphy Looper executes arbitrary shell commands as subprocesses (Claude, Gemini, Codex, or any configured backend). This is by design — it is an automation tool, not a sandbox.

Threat Model

The following threats are considered in scope:

Threat                  Description
Malicious config        A ralph.yaml that causes execution of unintended commands.
Output injection        Backend output that manipulates Ralph's control flow.
State tampering         Modification of state.json to alter loop behavior.
Dependency compromise   A compromised pip/npm dependency in the supply chain.

The following are considered out of scope:

  • Vulnerabilities in the backend CLIs themselves (Claude, Gemini, Codex).
  • Prompt injection within prompt files (user responsibility).
  • Denial of service via intentionally large configurations.

Best Practices

  • Pin backend versions in your configuration.
  • Review prompt files before execution.
  • Use --dry-run to validate before running.
  • Keep dependencies updated via poetry update.
  • Run Ralph in an isolated environment (container, VM, or dedicated user).
  • Do not store secrets in ralph.yaml or prompt files.

Verification Prompt Files

When phase verification is enabled (verify_phases: true), Ralph writes verification prompts to <state_dir>/verification/. These files contain:

  • The original phase prompt (requirements)
  • A truncated excerpt of the execution output (max 4,000 chars)

These files are not deleted after verification (useful for debugging). If execution output may contain sensitive data, periodically clean the verification directory or configure state_dir to point to a temporary location.
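A retention clean-up for that directory, as an added example that is not part of Ralphy Looper: the `<state_dir>/verification/` location follows the text above, while the function name, the retention window and the dry-run flag are assumptions of this example.

```python
import sys
import time
from pathlib import Path

# Added example, not project code: prune verification prompt files that
# Ralph leaves under <state_dir>/verification/ once they exceed a retention
# window, so excerpts of execution output do not linger on disk.


def prune_verification_prompts(state_dir, max_age_seconds, dry_run=False, now=None):
    """Remove files in <state_dir>/verification/ older than max_age_seconds.

    Returns the paths that were (or, with dry_run=True, would be) removed.
    Only regular files directly inside the verification directory are
    touched; the directory is resolved first, and symlinked entries are
    skipped, so a symlink cannot redirect the deletion elsewhere.
    """
    now = time.time() if now is None else now
    verification_dir = (Path(state_dir) / "verification").resolve()
    if not verification_dir.is_dir():
        return []
    removed = []
    for entry in sorted(verification_dir.iterdir()):
        # Skip symlinks and anything that is not a plain file.
        if entry.is_symlink() or not entry.is_file():
            continue
        age_seconds = now - entry.stat().st_mtime
        if age_seconds < max_age_seconds:
            continue
        if not dry_run:
            entry.unlink()
        removed.append(str(entry))
    return removed


if __name__ == "__main__":
    # Usage: prune_verification.py <state_dir> [max_age_days] [--dry-run]
    args = [a for a in sys.argv[1:] if a != "--dry-run"]
    state_dir = args[0]
    max_age_days = float(args[1]) if len(args) > 1 else 7
    for path in prune_verification_prompts(
        state_dir, max_age_days * 86400, dry_run="--dry-run" in sys.argv
    ):
        print(path)
```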

There aren’t any published security advisories