oauth-integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and rules files show runtime fetches of public APIs (e.g., fetch('https://api.github.com/user') and fetch('https://graph.microsoft.com/v1.0/me')) that ingest untrusted, user-generated data from third-party web services which the agent is expected to read and which can influence authentication/authorization logic.