oauth-flow-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs runtime fetches of third‑party provider metadata (e.g., discover_oidc_config in SKILL.md and the generic discover_oidc in references/provider-configs.md which GETs {issuer}/.well-known/openid-configuration) and also retrieves JWKS via jwks_uri (PyJWKClient), meaning untrusted external JSON from public providers is parsed and used to determine endpoints/keys and thus can materially influence authentication behavior.