codex-think-about

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the agent’s LLM context via Codex’s runtime web research: the runner’s start/poll path fetches public web pages (URLs/content not authored by the operating user) and then returns their extracted text in review.raw_markdown/review.sources, which the workflow parses and feeds into the subsequent LLM prompt templates (e.g., Step 4 “Parse … Fallback: review.raw_markdown” and render round2+).