spring-boot-security-jwt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly integrates external OAuth2 providers and JWT sources (e.g., spring.security.oauth2.* user-info-uris in application.yml, oauth2 login and userInfoEndpoint in SecurityConfig, and jwk-set-uri/public-key locations in references) so the runtime fetches and parses untrusted third-party user-info and JWT claims which are then used for authentication/authorization decisions.