doctor
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's Auto-Fix section in SKILL.md explicitly fetches raw content from a public GitHub URL ("Fix: Missing/Outdated AGENTS.md" with WebFetch to https://raw.githubusercontent.com/Yeachan-Heo/oh-my-codex/main/docs/AGENTS.md), writes it into ~/.codex/AGENTS.md, and that file is then read/checked by the workflow to decide diagnostics and fixes, so untrusted third‑party content can influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's auto-fix step issues a runtime WebFetch to "https://raw.githubusercontent.com/Yeachan-Heo/oh-my-codex/main/docs/AGENTS.md" to retrieve and write remote markdown that can control agent configuration/behavior, so this external URL is used at runtime to inject instructions/configuration.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata