codex-deep-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scripts/search.sh SEARCH_INSTRUCTION explicitly tells the Codex CLI to "Search the web" and to append findings with source URLs to the output, so the agent fetches and ingests arbitrary public web pages (untrusted third-party content) that can materially influence its synthesized results and notifications.