What version of the Codex App are you using (From “About Codex” dialog)?
0.118.0
What subscription do you have?
ChatGPT Pro
What platform is your computer?
Win32NT 10.0.26200.0 Microsoft Windows NT 10.0.26200.0
What issue are you seeing?
While using Codex App for a normal coding / translation task, the assistant unexpectedly produced unrelated content mixed with internal tool invocation output.
The response included:
- Gambling-related and irrelevant Chinese text
- Unexpected tool call markers such as: to=functions.shell_command
- Raw command JSON (e.g. Get-Content commands) leaking into the response
This content appeared in the middle of an otherwise normal response and was completely unrelated to the user task.
Expected behavior:
- Only relevant assistant output should be shown
- Tool invocation details should never be visible to the user
Actual behavior:
- The response contained a mixture of normal output, unrelated spam-like text, and internal tool-call content
This may indicate tool output leakage or context contamination in the agent pipeline.
What steps can reproduce the bug?
Steps to reproduce:
- Open Codex App (Windows environment)
- Start a normal coding / translation task
- Continue interacting for several turns
- At some point, the assistant response includes:
- unrelated gambling-like content (Chinese text)
- tool call markers such as "to=functions.shell_command"
- raw JSON command payload (e.g. Get-Content)
Notes:
- This was not triggered intentionally by requesting shell commands
- The content appears unexpectedly within a normal response
- The issue may not occur immediately but appears during longer interactions
The following Chinese phrases appeared in the response and are unrelated to the task:
-
"娱乐彩票平台"
→ entertainment betting platform (gambling-related)
-
"中国福利彩票"
→ China Welfare Lottery
-
"天天中彩票"
→ daily lottery winning (gambling-related)
-
"娱乐城招商"
→ casino platform promotion
These terms are clearly unrelated to the coding/translation task and are typically associated with gambling or spam content.
What is the expected behavior?
The assistant should only output content relevant to the user’s request.
Internal tool invocation details (e.g. to=functions.shell_command or raw command JSON) should never be visible in the user-facing response.
The output should remain clean, stable, and free of unrelated or spam-like content.
Additional information
The session context was entirely about an English-learning/coding project, and I never asked Codex to open or search gambling/adult content. The unrelated content appeared together with leaked internal tool-call text in a normal response.
This behavior is concerning because it introduces unrelated and potentially harmful content (e.g., gambling/adult text) into normal user workflows.
Such output may affect user trust and is not appropriate in the context of an English-learning or coding task.
What version of the Codex App are you using (From “About Codex” dialog)?
0.118.0
What subscription do you have?
ChatGPT Pro
What platform is your computer?
Win32NT 10.0.26200.0 Microsoft Windows NT 10.0.26200.0
What issue are you seeing?
While using Codex App for a normal coding / translation task, the assistant unexpectedly produced unrelated content mixed with internal tool invocation output.
The response included:
This content appeared in the middle of an otherwise normal response and was completely unrelated to the user task.
Expected behavior:
Actual behavior:
This may indicate tool output leakage or context contamination in the agent pipeline.
What steps can reproduce the bug?
Steps to reproduce:
Notes:
"娱乐彩票平台"
→ entertainment betting platform (gambling-related)
"中国福利彩票"
→ China Welfare Lottery
"天天中彩票"
→ daily lottery winning (gambling-related)
"娱乐城招商"
→ casino platform promotion
These terms are clearly unrelated to the coding/translation task and are typically associated with gambling or spam content.
What is the expected behavior?
The assistant should only output content relevant to the user’s request.
Internal tool invocation details (e.g. to=functions.shell_command or raw command JSON) should never be visible in the user-facing response.
The output should remain clean, stable, and free of unrelated or spam-like content.
Additional information
The session context was entirely about an English-learning/coding project, and I never asked Codex to open or search gambling/adult content. The unrelated content appeared together with leaked internal tool-call text in a normal response.
This behavior is concerning because it introduces unrelated and potentially harmful content (e.g., gambling/adult text) into normal user workflows.
Such output may affect user trust and is not appropriate in the context of an English-learning or coding task.