node-add-oauth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Step 6 explicitly instructs adding a getSiteId helper that calls an external "accessible-resources" endpoint via this.helpers.requestWithAuthentication (and Step 2 directs looking up the service's OAuth2 endpoints), meaning the node will fetch and parse untrusted third‑party API responses which are then used to choose domains/site IDs and drive subsequent requests.