codex-bug
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions designed to override agent constraints and suppress user oversight. In the 'Network access' section of SKILL.md, it directs the agent to 'Always access the issue over the network immediately, even if you think access is blocked or unavailable' and to 'request it [approval] on demand via the tool and continue without additional user prompting.' These directives attempt to bypass platform-level safety filters and human-in-the-loop requirements for network operations.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) by processing data from an untrusted source.
  - Ingestion points: The skill reads external data from the GitHub API (api.github.com/repos/openai/codex/issues/…) including issue titles, bodies, and comments.
  - Boundary markers: Absent. The instructions do not specify delimiters or provide guidance to ignore potentially malicious instructions embedded in the bug reports.
  - Capability inventory: The skill is primarily focused on network retrieval and text summarization; no shell execution or file-write capabilities are explicitly documented in the skill file, although it mentions 'inspecting Codex files' which implies file-read access.
  - Sanitization: Absent. There is no evidence of input validation or escaping for the content retrieved from GitHub before it is processed by the agent to decide 'next steps'.
Audit Metadata