codex-oauth-automation-extension

Result: Fail

Audited by Snyk on Apr 11, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt shows plaintext passwords being captured, stored, displayed in the sidebar, and embedded verbatim in inter-script messages (e.g., chrome.tabs.sendMessage payload), so secret values are handled and transmitted directly by the skill.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.95). The URLs include an unknown GitHub repository that instructs you to load an unpacked Chrome extension with powerful debugger/webNavigation capabilities that can intercept OAuth callbacks and handle credentials (plus localhost and user-specified CPA endpoints), which makes this a high-risk distribution mechanism for token/credential theft and unauthorized access.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This extension is intentionally designed to automate mass OpenAI account creation and OAuth approvals, intercept sensitive artifacts (OTP emails, generated passwords, and OAuth authorization codes/state), delete mailbox traces, and submit those authorization callbacks to an external CPA management endpoint — behavior consistent with credential harvesting and large-scale abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly opens and polls third-party webmail pages (content/duck-mail.js → https://duckduckgo.com/email/settings/autofill, content/qq-mail.js, content/mail-163.js, content/inbucket-mail.js) and reads user-generated emails/OTPs as part of the automated signup/OAuth flow described in SKILL.md, allowing external messages to directly drive decisions and next actions.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Apr 11, 2026, 06:30 AM
  • Issues: 4