oidc-hosted-page-laravel

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The SKILL.md instructs the app to call the SSOJet issuer endpoints (e.g., getUserByToken -> config('services.ssojet.issuer_url') . '/oauth2/userinfo' and Socialite::driver('ssojet')->user() in SSOController::callback) to ingest external user profile data from the third-party https://auth.ssojet.com and then uses those untrusted user-provided claims to create/update accounts and make authentication decisions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 04:35 PM