authentication-implementation
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill integrates OAuth providers and explicitly consumes user profile data from third-party providers (e.g., GoogleStrategy in src/auth/strategies/google.strategy.ts, and the "StudyAbroad-Specific Considerations" section, which notes Google OAuth/University SSO). That untrusted user-generated profile data is parsed and used to create users and drive authentication decisions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).