implementation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core execution workflow (Execution Workflow → Step 4: "Documentation & Research") explicitly instructs the agent to web-search and WebFetch public third-party pages (e.g., https://oauth.net/2/, https://www.passportjs.org/...) and to incorporate those fetched documents into task prompts, meaning untrusted public web content is ingested and can influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly uses runtime WebFetch calls to pull external documentation (e.g., https://www.passportjs.org/packages/passport-google-oauth20/ and https://oauth.net/2/) and then injects that fetched content into Task prompts (Documentation: ${passportDocs}), meaning those URLs are fetched at runtime and directly control agent prompts.