codex-cli-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly documents remote skill discovery and distribution (e.g., "Registry: Remote skills index (when configured)" under "Skill Discovery and Locations" and GitHub-based install examples like git clone https://github.com/org/skills-repo.git), meaning the agent can fetch and load untrusted third‑party SKILL.md / agents/openai.yaml content that directly defines instructions and tools used at runtime.