codex

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly tells the agent to read and embed full plan/file contents into prompts sent to Codex and to present Codex's output verbatim, which means any secrets present in those files (or echoed back by Codex) would be included exactly in generated requests/output, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly enables Codex's web search via the --enable web_search_cached flag (multiple places in Step 2A/2B/2C), causing the agent to fetch and interpret public web/docs content as part of its review/challenge/consult workflows and use that output to decide gates/verdicts—exposing it to untrusted third‑party pages that can influence actions.