cpa-codex-free

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This script automates mass creation of OpenAI accounts via temporary email, programmatically obtains sensitive tokens (id_token, refresh_token, access_token, account IDs) and is explicitly intended to upload/manage those auth files on a remote CLI/CPA management service—behavior consistent with deliberate credential harvesting, account-farming and exfiltration for abuse/evasion.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly polls an external temporary-email API (MAIL_API_BASE: https://mail.chatgpt.org.uk/api) and reads email subject/html_content (user-generated/untrusted) to extract OTPs that directly drive the OAuth/registration flow, so third-party content is ingested and influences subsequent actions.