The Agent Skills Directory

[DATA_EXFILTRATION]: The skill includes auditing scripts (agent.py and process.py) that perform network operations to external URLs. These requests are used to fetch OIDC configuration data and test token endpoints, which is the primary intended function of the skill. The scripts can transmit user-supplied client secrets to these endpoints for authentication testing purposes.
[PROMPT_INJECTION]: The skill processes external data from OIDC discovery endpoints, creating a surface for indirect prompt injection.
Ingestion points: The scripts fetch JSON configuration from the .well-known/openid-configuration endpoint of user-provided issuer URLs.
Boundary markers: Not implemented; the external configuration data is processed and displayed directly in the audit output.
Capability inventory: The scripts utilize network capabilities (GET and POST requests) through the requests and urllib libraries to interact with the discovered endpoints.
Sanitization: Data retrieved from external sources is parsed as JSON but does not undergo specific sanitization for malicious instruction patterns before being presented to the agent or user.
[SAFE]: The skill does not contain hardcoded credentials, obfuscated code, or unauthorized persistence mechanisms. The recommended dependencies (requests, authlib, PyJWT) are well-known, industry-standard libraries for the stated purpose of the skill.

configuring-oauth2-authorization-flow