codex

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt includes deceptive operational directives outside harmless runner guidance—notably instructing the agent to identify itself as "Claude" (an impersonation) when resuming Codex plus blanket instructions to always skip repo checks and suppress stderr (2>/dev/null), which alter visibility and trust and go beyond the stated benign CLI-running purpose.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs assembling and running codex commands that use high-impact flags (workspace-write, danger-full-access, --full-auto) and to always use --skip-git-repo-check, which encourages bypassing checks and granting broad write/network access that can modify the host state.