moai-security-identity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests and acts on external, potentially untrusted third-party content—e.g., SKILL.md and examples show OIDC discovery and fetching of JWKS from ${issuerUrl}/.well-known/jwks.json (OIDCValidator.initialize / Issuer.discover), SCIM webhook handlers that consume incoming provisioning events, and Context7 queries—any of which the agent reads and uses to make authentication/provisioning decisions.