ce-work-beta

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to "Review any references or links provided in the plan" (Phase 1: Read Plan and Clarify in SKILL.md) and the Codex delegation flow documents a "yolo" sandbox with network access for delegated execution, so the agent will fetch and interpret arbitrary external links/third-party resources as part of its required workflow and those inputs can influence subsequent tool invocations and decisions.