Severity: HIGH
Location
Description
RALPH_DIR is read from the environment with no validation and is then used throughout the script for status files, logs, and config paths. An attacker who controls the environment can point it at a path outside the project, causing writes to arbitrary locations and chaining into code execution via a .ralphrc at that path.
Suggested fix
Hardcode RALPH_DIR=".ralph", or validate that the supplied value is a relative path containing no .. components.
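The validation the suggested fix describes, as an added POSIX sh example that is not the project's own script: `validate_ralph_dir` (an assumed name) rejects empty values, absolute paths and any `..` component, and `resolve_ralph_dir` (also assumed) falls back to the hardcoded default `.ralph` whenever the environment value fails that check.

```shell
#!/bin/sh
# Added example, not code from the audited script.
# validate_ralph_dir DIR -> exit status 0 if DIR is an acceptable relative
# project path, 1 otherwise. Function names here are assumptions.
validate_ralph_dir() {
    dir=$1
    # Empty value: nothing to trust, caller should use the default.
    [ -n "$dir" ] || return 1
    # Absolute path: would let status files, logs and config land anywhere.
    case $dir in
        /*) return 1 ;;
    esac
    # Walk the "/"-separated components and reject any that is exactly "..".
    rest=$dir
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        [ "$comp" != ".." ] || return 1
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
    done
    return 0
}

# resolve_ralph_dir -> prints the directory the script should use: the
# environment's RALPH_DIR when it validates, otherwise the hardcoded ".ralph".
resolve_ralph_dir() {
    if validate_ralph_dir "${RALPH_DIR:-}"; then
        printf '%s\n' "$RALPH_DIR"
    else
        printf '%s\n' ".ralph"
    fi
}

# Typical use at the top of the script, replacing a bare RALPH_DIR=${RALPH_DIR}:
# RALPH_DIR=$(resolve_ralph_dir)
```

The component walk deliberately treats `a/../b` and `..` the same way, since a single parent reference is enough to escape the project tree; names that merely contain dots, such as `x..y`, are still allowed.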