Skills
skills/azeem-2/hackthonii/auth/Snyk

auth

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). core/oauth.py clearly performs live requests to public OAuth endpoints (e.g., Google USER_INFO_URL https://www.googleapis.com/oauth2/v2/userinfo and GitHub USER_INFO_URL https://api.github.com/user) and ingests untrusted user/profile/token data from those third-party services that directly influence authentication and authorization decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 11:03 AM
Issues
1