mcp-oauth-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses untrusted third-party content (e.g., RFC 8414 discovery at /.well-known/oauth-authorization-server in references/oauth_flow.md and MCP tool sync responses including JSON-RPC "tools/list" and SSE in references/tool_sync.md), and those responses (discovered endpoints, client credentials, and tool lists) are read and acted on at runtime to register clients, obtain tokens, and enable/disable tools—so remote content can materially change agent behavior.