oauth-providers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes runtime code that fetches and processes arbitrary public/user-generated data from third-party social APIs (e.g., fetchMicrosoftGroups in app/api/webhooks/clerk/route.ts, getDiscordGuilds/getDiscordProfile in templates/discord/clerk-config.ts, and Twitch/GitHub/Microsoft helper functions) so the agent will read and interpret untrusted third-party content (social profiles, guild lists, Graph API responses) as part of its workflow.