Researchers found that .env files inside cloned repositories could be used to change the Codex CLI home directory path and load a rogue configuration file leading to arbitrary command execution.