codex-cli-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to "Scrape All Documentation" from configured llms.txt sources (references/sources.json) and provides scripts (scripts/core/scrape_docs.py) to fetch and ingest public documentation pages (e.g., developers.openai.com llms.txt targets), so the agent will read third‑party web content that can influence indexing, search results, and subsequent actions.