setup-mcp-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the server to fetch OIDC discovery documents and a JWKS URI (e.g., "JWKS URI: https://.../.well-known/jwks.json") and uses those remote keys/documents at runtime to validate tokens and drive authorization decisions, so third-party-hosted content will be fetched and can materially influence access and tool behavior.