codex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the external Codex CLI with web search enabled (see multiple places: Review/Challenge/Consult steps use codex with --enable web_search_cached), so it will fetch and ingest public web content and use that output verbatim to decide gate PASS/FAIL and produce recommendations—allowing untrusted third‑party content to materially influence actions.