auth0-nextjs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The automated setup in references/setup.md clearly downloads a third‑party install script (curl https://raw.githubusercontent.com/...) and uses the auth0 CLI to fetch and parse Auth0 API responses (and the docs include examples that fetch external APIs), so the skill consumes untrusted third‑party content that can influence configuration and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The automated setup script in references/setup.md fetches and executes a remote installer via "curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh -o /tmp/auth0-install.sh" followed by "sh /tmp/auth0-install.sh", which runs remote code during runtime and is required for the automated setup.