codex-config-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses public GitHub release notes (see "3.2 Fetch from GitHub" and "11. Important Notes" directing use of the GitHub releases API) and requires the agent to read and act on those release bodies to summarize/categorize changes and derive migration guidance, which exposes it to untrusted third-party content that could carry injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a runtime GitHub API fetch (gh api repos/openai/codex/releases → https://api.github.com/repos/openai/codex/releases or the releases page https://github.com/openai/codex/releases) to retrieve release notes which are injected into the agent's summarization workflow (controlling the model context) and are required for its CHANGELOG operations, so this is a runtime external dependency that can directly control prompts.