codex-auto-register

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill is explicitly designed to automate mass creation of ChatGPT/Codex accounts, harvest OAuth access/refresh tokens and credentials, aggregate them into token files, and optionally upload those credentials to external "CPA" endpoints or token stores—behaviors constituting deliberate credential collection, data exfiltration, and facilitation of large-scale account abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the DuckMail API to create and check temporary email inboxes (see "POST {duckmail_api_base}/api/email/create" and "GET {duckmail_api_base}/api/email/{email_id}/messages") and the workflow requires reading those incoming emails to extract verification links/tokens used to drive the registration/OAuth flow, so untrusted third-party email content can materially influence actions.