oracle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and the codex-oracle.py prompt explicitly state that the Codex CLI "can ... web search" and the embedded tool_usage_rules tell Codex to "Research documentation, best practices, and architectural patterns via web search," so the skill instructs the agent to fetch and interpret open/public third-party content that can influence its analysis.