building-identity-federation-with-saml-azure-ad

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts clearly fetch and parse external federation metadata (e.g., scripts/agent.py's fetch_federation_metadata calling https://login.microsoftonline.com/{tenant}/federationmetadata/2007-06/federationmetadata.xml and scripts/process.py's validate_adfs_metadata which requests arbitrary metadata URLs referenced in the workflow), and that untrusted third-party XML is parsed and used to drive validation findings and actions, so external content can materially influence tool behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit administrative commands (e.g., Install-WindowsFeature, Install-AdfsFarm, Set-AdfsCertificate, Add-AdfsRelyingPartyTrust, installing modules and updating federation settings) that modify system configuration and require elevated privileges, so it instructs changes to the host's state.