testing-oauth2-implementation-flaws

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding captured tokens and client secrets directly into HTTP requests and code (e.g., Authorization headers, token exchange with "client_secret", and use of "captured_auth_code"/"access_token_from_client_a"), which requires the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses open/public OAuth/OIDC endpoints (e.g., requests.get to AUTH_SERVER/.well-known/openid-configuration and subsequent calls to the discovered authorization/token endpoints and Location headers) as shown in SKILL.md and scripts/agent.py, so it ingests untrusted third-party content (authorization servers, redirect URLs) that is interpreted to drive tests and follow-up actions.