codex-code-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads user-generated PR metadata via gh pr view (title/description), fetches diffs (git diff -> /tmp/codex-diff-...), and reads the full source of changed files (from the repo/PR) and then feeds that content into Codex prompts and decision-making, so untrusted third-party PR/web-hosted content can materially influence tool actions and behavior.