research

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill appears designed for benign web-research, but it embeds explicit, deliberate instructions to bypass approvals and sandboxing (e.g., --dangerously-bypass-approvals-and-sandbox, --skip-git-repo-check), which are clear attempts to evade safety controls and create a high risk of misuse (sandbox escape, unmediated external requests, and potential data exfiltration).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Steps 3–6) and references/CODEX_COMMANDS.md explicitly instruct the agent to perform codex web searches that return raw search results/URLs and to extract and act on facts from those public web pages, i.e., ingesting untrusted third-party web content that can influence research outputs.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 13, 2026, 11:07 AM
  • Issues: 2