session-management

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests untrusted, user-generated JWT/session claims (e.g., sessionClaims and user.public_metadata) from application users and uses them to drive authorization and runtime behavior — see templates/jwt-verification.ts (withAuth/withRole/verifySessionToken), templates/custom-claims.ts (CustomClaims access), and the test endpoints created in scripts/test-sessions.sh (app/api/test-claims) which read and act on sessionClaims.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 07:51 AM