codex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sends prompts to Codex with --enable web_search_cached (allowing public web/docs lookup) and performs artifact sync/git fetch and gbrain pulls from remote GitHub/GitLab repos (e.g., the Artifacts Sync and codex exec sections), so it ingests untrusted third‑party content that the agent reads and uses to influence review/challenge decisions.