harness-keycloak-auth

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The pipeline Run steps explicitly curl and parse responses from ${KEYCLOAK_URL} (e.g., the token and clients endpoints "${KEYCLOAK_URL}/realms/.../protocol/openid-connect/token" and "${KEYCLOAK_URL}/admin/realms/.../clients"), and use the returned JSON (parsed with jq) to decide whether to create or update clients and to store secrets. Because the pipeline variable determines which Keycloak instance is contacted, responses from an arbitrary external Keycloak API can directly influence those actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 07:27 PM