OpenAI Codex PSA on Malicious Config Files (www.promptarmor.com)

OpenAI has issued a public service announcement regarding potential security risks associated with its Codex tool, particularly when users run it in new directories. Users are required to approve a misleading dialog that suggests the risk of prompt injection without clarifying that accepting this warning leads to loading and executing project-level configuration files. This oversight can allow malicious actors to embed harmful commands within .codex/config.toml files, triggering arbitrary code execution once users acknowledge the warning. For instance, a user might unknowingly run a command that installs malware just by trusting an unverified configuration. This issue is significant for the AI/ML community as it exposes vulnerabilities in the integration of AI coding assistants like Codex with user workflows, particularly when interacting with third-party repositories. As Codex is designed to aid developers by offering auto-completions and code suggestions, the reliance on unchecked configuration files raises alarm about its safety in environments that are not fully trusted. OpenAI advises organizations to implement stricter controls over configuration settings and enforce trusted code requirements to mitigate these risks, highlighting the importance of user awareness in safeguarding against potential exploits.