codex-pet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires a "source image URL" (publicly fetchable HTTPS) which the RunComfy service fetches and the workflow passes into a single runcomfy run openai/gpt-image-2/edit call (see "Step 1" and "Prerequisites"/"Security & Privacy"), so untrusted third‑party image content is ingested and directly influences model outputs — a clear vector for indirect (image-based) prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). Flagging the user-supplied source image URL (e.g., "https://.../source.png") because the skill fetches that external image at runtime and injects it into the RunComfy GPT Image 2 edit call, meaning external content can directly control the model output (image-based prompt-injection risk).