adversarial-spec
Warn
Audited by Snyk on Feb 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly supports web searching via the Codex CLI: the "Codex CLI Setup" section of SKILL.md lists "Web search: --codex-search", and call_codex_model in scripts/models.py passes --search to the Codex CLI and feeds the returned public web content into model prompts and critiques. Untrusted third-party webpages can therefore be ingested and influence the agent's decisions.
Audit Metadata