codex-mcp-server-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to untrusted public web content via the "websearch" tool described in SKILL.md (Available Tools → websearch and the "Research and Documentation" / example integration script), and those fetched search results are shown used in workflows that influence subsequent Codex actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The MCP configuration runs "npx -y codex-mcp-server" (fetching and executing the codex-mcp-server package from npm at runtime), which downloads and executes remote code that will control the agent's MCP prompts/behavior.