codex-issue-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's collector (scripts/collect_issue_digest.py) explicitly calls the GitHub CLI / API to fetch issues, comments, and reactions from a public repo (e.g., fetch_issue, fetch_comments, fetch_reactions_for_item), and SKILL.md requires using the resulting JSON (summary_inputs) as model-ready evidence to cluster, summarize, and produce owner-facing headlines/actions—meaning untrusted, user-generated GitHub content is read and used to drive decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the GitHub CLI at runtime (e.g. via gh api endpoints like "repos/openai/codex/issues/{number}" and "search/issues") to fetch issue/comment/reaction JSON which is then used as model-ready summary_inputs and injected into the agent's report-generation context, meaning external GitHub content directly drives the agent's prompts/outputs.