codex-config-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public GitHub release notes using "gh api repos/openai/codex/releases" (SKILL.md section 3, referenced in sections 4 and 9) and requires the agent to read and interpret those external release contents to produce changelogs and detect breaking changes, so untrusted third‑party content can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). At runtime the skill invokes the GitHub releases endpoint (e.g., https://github.com/openai/codex/releases via the gh api call) to fetch release notes that are then ingested and used to generate changelog summaries, meaning remote content directly controls the agent's outputs.