mcp-oauth-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses untrusted public MCP server content (e.g., the .well-known OAuth metadata in discover_oauth_metadata! and dynamic client registration endpoints, plus the JSON-RPC initialize/tools/list and SSE responses in sync_tools!) and uses those responses to register clients, obtain tokens, and populate discovered_tools that directly influence authentication, available tools, and subsequent agent behavior.