What version of Codex is running?
codex-cli 0.23.0
Which model were you using?
GPT-5
What platform is your computer?
Linux 6.6.87.2-microsoft-standard-WSL2 x86_64 x86_64
What steps can reproduce the bug?
Start codex, use the /init command.
The resulting AGENTS.md at the repo root contains a ## Agent‑Specific Instructions part if any instructions are set in ~/.codex/AGENTS.md.
This might pull some sensitive information from ~/.codex/AGENTS.md (which is local) into an AGENTS.md pushed to remote git. The project-specific AGENTS.md files (repo root, subfolders) are not in .gitignore by default.
Codex users might not be aware of such behaviour, and if not attentive enough, sensitive information might slip to public.
What is the expected behavior?
- The AGENTS.md created by the /init command should not include potentially sensitive information.
AND/OR
- After the AGENTS.md is created by the /init command, the user should be explicitly informed about the potential exposure of sensitive information from ~/.codex/AGENTS.md, and asked to either review the AGENTS.md or put it in .gitignore.
What do you see instead?
- The AGENTS.md created by the /init command includes potentially sensitive information. In my case, it was git user.email, which I accidentally left private (as I worked on a private repo before), and did not change it to the users.noreply.github.com one. But one can imagine other sensitive information leaked this way.
AND/OR
- After the AGENTS.md is created by the /init command, the user IS explicitly informed about the potential exposure of sensitive information from ~/.codex/AGENTS.md, and ASKED to either review the AGENTS.md or put it in .gitignore.
Additional information
The inclusion of ## Agent‑Specific Instructions is actually based on the last line of codex-rs/tui/prompt_for_init_command.md:
"(Optional) Add other sections if relevant, such as Security & Configuration Tips, Architecture Overview, or Agent-Specific Instructions."
Its modification is the easiest way to solve this issue.
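A pre-commit style check for the leak described in this report, as an added example that is not part of the original issue or of Codex itself: it flags lines in the repo AGENTS.md that echo e-mail addresses, home-directory paths or whole instruction lines from ~/.codex/AGENTS.md. The function names, the token patterns and the sample texts are assumptions made for illustration, and the matching is a heuristic that will miss paraphrased content.

```python
import re
import sys
from pathlib import Path

# Tokens that tend to be personal or machine-specific (heuristic, not exhaustive).
TOKEN_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "home_path": re.compile(r"(?:~|/home/[\w.-]+|/Users/[\w.-]+)(?:/[\w.@-]+)+"),
}
MIN_LINE_LEN = 20  # ignore short lines such as "## Build" when matching verbatim

def normalize(line):
    """Strip list markers and case so '- Foo' and '* foo' compare equal."""
    return line.strip().lstrip("-* ").lower()

def find_leaks(global_text, repo_text):
    """Return (line_no, kind, value) for repo lines that echo the global file."""
    tokens = {m.group(0).rstrip(".,;"): kind
              for kind, pat in TOKEN_PATTERNS.items()
              for m in pat.finditer(global_text)}
    global_lines = {normalize(l) for l in global_text.splitlines()
                    if len(normalize(l)) >= MIN_LINE_LEN}
    leaks = []
    for no, line in enumerate(repo_text.splitlines(), 1):
        for token, kind in tokens.items():
            if token.lower() in line.lower():
                leaks.append((no, kind, token))
        if normalize(line) in global_lines:
            leaks.append((no, "verbatim_line", line.strip()))
    return leaks

# Constructed sample inputs (not taken from the report).
GLOBAL_SAMPLE = (
    "- Commit as Jane Doe <jane.doe@example.com>.\n"
    "- Always run the full test suite before proposing a commit.\n")
REPO_SAMPLE = (
    "## Agent-Specific Instructions\n"
    "- Use jane.doe@example.com as the git author email.\n"
    "- Always run the full test suite before proposing a commit.\n")

if __name__ == "__main__":
    home_file, repo_file = Path.home() / ".codex" / "AGENTS.md", Path("AGENTS.md")
    if home_file.is_file() and repo_file.is_file():
        leaks = find_leaks(home_file.read_text(), repo_file.read_text())
    else:
        leaks = find_leaks(GLOBAL_SAMPLE, REPO_SAMPLE)  # demo on the samples
    for no, kind, value in leaks:
        print(f"AGENTS.md:{no}: {kind}: {value}")
    sys.exit(1 if leaks else 0)
```

Run from the repo root before committing; a non-zero exit status means the generated AGENTS.md should be reviewed or kept out of the commit.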