codex-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and referenced docs (e.g., references/agent-approvals-security.md and references/app/features.md) explicitly describe and enable live web search/web browsing (web_search = "live", webSearch action/openPage) and use of external network tools (e.g., fetching PRs via gh, app/plugin/app-list fetches, OAuth authUrl), so the agent is expected to ingest untrusted, user-generated web/forum/PR content which can materially influence tool calls and next actions.