codex-tools-account-manager

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These links combine downloads from an untrusted GitHub account (releases hosting .dmg/.msi/.exe), Cloudflare quick-tunnel domains that expose local services publicly, and instructions to run local binaries and modify system apps/tokens — together these are high-risk indicators for malware distribution or remote abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly documents exposing the local /v1 API proxy via Cloudflared Quick Tunnel (e.g., a public https://*.trycloudflare.com URL under "Cloudflared Public Access" / "Quick Tunnel"), which would accept arbitrary external requests (untrusted user-generated prompts) that the proxy ingests and forwards to Codex models, enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit instructions that require and encourage using sudo to disable macOS security (sudo spctl --master-disable and sudo xattr ...), plus guidance to expose local services publicly and kill/restart editor processes, which clearly push actions that compromise the machine's security/state.