codex-bug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires fetching and reading GitHub issue and comment data from the public GitHub API for github.com/openai/codex, which is user-generated, untrusted third-party content that the agent must interpret to decide next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching GitHub issue data at runtime and using the API responses as the source of truth (e.g., https://api.github.com/repos/openai/codex/issues/ and https://api.github.com/repos/openai/codex/issues//comments, and the issue URL github.com/openai/codex/issues/…) which are injected into the agent context and directly influence its prompts/decisions.