codex-skill
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's "Danger-Full-Access" mode explicitly grants "network access for fetching dependencies" and includes examples like "Install dependencies and integrate API", which means the agent will fetch and consume packages from public registries (untrusted third-party content) as part of its workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly provides and encourages use of "danger-full-access" and a "--dangerously-bypass-approvals-and-sandbox" flag, and describes system-level operations, network access, and access to all files—actions that directly enable bypassing sandboxing and modifying the host system.