headless-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and command examples explicitly enable web search (e.g., the Codex alias in SKILL.md: "codex --enable web_search_request ..." and references/codex-cli.md which documents --search / --enable web_search_request), meaning the agent can fetch and consume open web content that could contain untrusted, user-generated instructions which the models will read and act on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly promotes "YOLO" / "--dangerously-skip-permissions" / sandbox-bypass modes and aliases that remove safety checks, which can enable an agent to perform unrestricted actions on the host (including actions that could modify system state), so it poses a high risk of compromising the machine.