The Agent Skills Directory

[SAFE]: The skill provides comprehensive educational materials and security auditing scripts for OAuth 2.0 and OIDC implementations. It follows industry best practices for identity and access management.
[PROMPT_INJECTION]: Analysis of the skill's indirect prompt injection surface: (1) Ingestion points: The scripts 'scripts/agent.py' and 'scripts/process.py' fetch external configuration files from remote URLs based on user-provided issuer addresses. (2) Boundary markers: The scripts do not use explicit delimiters when processing the fetched JSON data, but they perform structured parsing. (3) Capability inventory: The skill's functionality is restricted to network GET requests and local console logging. There are no capabilities for file-system modification, arbitrary command execution, or persistence. (4) Sanitization: Data is parsed as JSON, and findings are derived through static logic checks against the configuration values.

configuring-oauth2-authorization-flow