codex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and fetches public GitHub repositories and PR refs (e.g., "git clone https://github.com/user/repo.git" and "git fetch origin '+refs/pull//head:refs/remotes/origin/pr/'") and then runs the Codex agent to read/interpret diffs and autonomously apply changes (including --full-auto/--yolo), so untrusted user-generated content can materially influence agent behavior.