run-research-and-save-files-by-codex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly dispatches codex exec jobs that perform web and Reddit searches and scraping per the "Research methodology" in references/codex-prompt-skeleton.md (and the codex exec contract), and Claude reads those codex-produced files between waves to drive subsequent dispatches and the master summary, so untrusted third‑party content can materially influence agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs running subprocesses with flags that bypass approvals and the sandbox (and suggests skipping auth via env vars), which encourages circumventing security controls and allows untrusted code to write directly to the filesystem, so it poses a high risk of compromising the host state.