codex

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt permits and instructs use of writable and "danger-full-access" sandboxes and to bypass repository checks (including contradictory guidance to "always use --skip-git-repo-check"), which enables the agent to perform edits or broader actions that can change machine state—so although it defaults to read-only and asks for permission for high-impact flags, the explicit support for full-access and skip-git-repo-check makes it risky.