powersync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required onboarding and connector code instruct the agent to call and validate user-provided backend endpoints (e.g., the token endpoint and the /.well-known/jwks.json JWKS URI) and to use the returned JWT/endpoint values for authentication and connector behavior (see references/custom-backend.md and AGENTS.md), which clearly ingests untrusted third‑party content that can materially influence subsequent actions.