codex-autoresearch-skill

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). Yes — while no direct .exe is linked, the ara.so link plus an unvetted GitHub repo instructs installing third‑party code, adding hooks and running the agent with a "dangerously‑bypass‑approvals‑and‑sandbox" flag (unattended/background execution and auto‑hooks), which are strong indicators of a high‑risk, potentially malicious distribution vector if the source is not trusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Escalation Strategy (When Stuck)" explicitly performs a "Web search" and shows an example where external search results ("Web search: 'TypeScript eliminate any types best practices' → Found: Use strictNullChecks + noImplicitAny...") are incorporated into the loop, indicating it fetches and interprets public third‑party web content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs enabling "Full Access" and explicitly to start Codex with --dangerously-bypass-approvals-and-sandbox (i.e. bypassing sandbox/approvals), which is a direct prompt to disable security protections on the host even though it doesn't request sudo or create users.