authentication-flow-rules

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The Memory Protocol includes explicit commands to read and persist internal agent memory (e.g., "cat .claude/context/memory/learnings.md" and "Record any new patterns"), which are unrelated to OAuth guidance and instruct the agent to access/modify internal state — a hidden/deceptive instruction outside the skill's stated purpose.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Mixed: https://evil.com is an untrusted/suspicious-looking domain and a high-risk potential malware distribution source, whereas https://yourapp.com/auth/callback and https://github.com/login/oauth/authorize are legitimate OAuth endpoints (not direct download links) and are low risk for distributing executables unless they are abused to redirect to malicious downloads.