codex-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and reviews user-provided repository content and pull/merge request diffs from public Git hosting in CI (e.g., the GitHub Action that runs git diff origin/${{ github.base_ref }}...HEAD > diff.txt and then calls codex exec "Review this git diff...", and the GitLab/GitHub/Jenkins examples that review merge request changes), so untrusted, user-generated code/comments are read by the model and could carry indirect prompt injections.