codex-issue-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's collector (scripts/collect_issue_digest.py) uses the GitHub CLI/API to fetch public GitHub issues, comments, and reactions (e.g., repos/openai/codex issues and comments) and the SKILL.md instructs the agent to read and use that JSON evidence (issue titles, bodies, comments, reactions) to drive summaries and priorities, exposing it to untrusted, user-generated third‑party content that can materially influence decisions in the digest.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The collector invokes the GitHub CLI to fetch issue/comment/reaction JSON at runtime from the GitHub API (e.g., repos/openai/codex/issues / search/issues — e.g. https://api.github.com/repos/openai/codex/issues) and uses that JSON as the model-ready "summary_inputs" which directly control the agent's prompts/content.