codex-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content — e.g., the PR review flow and scripts/review.sh call out "gh pr diff <PR_NUMBER>" to pull GitHub PR diffs and the "CRITICAL: Web Search Verification" section mandates using a WebSearch tool to verify versions/best-practices — both of which cause the agent to read and interpret untrusted third-party web content.