epds-login

Status: Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes open, third-party URLs as part of its required workflow. For example, it fetches client metadata and (optionally) an email template URI at runtime (references/client-metadata.md) and resolves a DID via https://plc.directory/{userDid} in the callback (references/flows.md), so untrusted external content is read and used to drive redirects, emails, and handle resolution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill requires a publicly hosted client metadata URL (e.g. https://yourapp.example.com/client-metadata.json) that ePDS fetches at runtime, and it may also fetch an email_template_uri to use as the OTP email body, meaning remote content can directly control user-facing prompts and branding.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 08:57 PM