context-mode-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill ingests outsider-authored free text from GitHub issues/PR bodies and comments via gh issue view / gh pr view (and --comments), which are then fed into the agents’ LLM context for triage/review.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's auto-recovery protocol explicitly runs git clone at runtime to fetch upstream platform repositories (e.g., https://github.com/openai/codex) into refs/platforms and then requires agents to use those freshly-fetched files as authoritative evidence for prompts/decisions, so remote content is fetched during runtime and directly controls agent instructions.