a6-plugin-openid-connect

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes numerous examples that embed client_secret values, session secrets, and passwords directly in JSON/YAML and curl commands (e.g., -d "client_secret=your-client-secret", a Redis password), which requires the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs APISIX to fetch and parse external OIDC discovery documents and JWKS, and to call IdP introspection endpoints (e.g., the "discovery" /.well-known/openid-configuration and "introspection_endpoint" URLs). These are untrusted third-party sources whose returned content is read and interpreted at runtime and can materially change authentication behavior.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 9, 2026, 02:58 PM