oracle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly permits Codex to perform web searches ("Codex CLI ... can explore files, grep code, and web search on its own" in SKILL.md) and the prompt in scripts/codex-oracle.py's tool_usage_rules tells Codex to "Research ... via web search," while --context-file accepts external files, so untrusted public content can be fetched and influence the agent's analysis and subsequent actions.