oauth-oidc-implementer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's OIDC Discovery and JWT Validation examples in SKILL.md explicitly fetch and consume external OIDC configuration and JWKS (getOIDCConfig fetching ${issuer}/.well-known/openid-configuration and jwksClient using a jwksUri), meaning the agent would read and act on untrusted third-party endpoints that can materially change validation and flow behavior.