testing-oauth2-implementation-flaws

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs capturing and embedding OAuth secrets (authorization codes, access/refresh tokens, client_secret) verbatim in requests and example code (e.g., "captured_auth_code", "client_secret_value", "access_token_from_client_a"), which requires the LLM to handle/output secrets directly and poses exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and scripts/agent.py explicitly fetch and parse open/public OAuth endpoints (e.g., requests.get to {AUTH_SERVER}/.well-known/openid-configuration and arbitrary auth_url/token_url passed to the agent) and then interpret redirect Location headers and endpoint JSON to drive tests and findings, so untrusted third‑party responses directly influence agent actions.