auth0-php-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs runtime fetches of external Auth0 resources (e.g., the SDK's JWKS fetch to https://{AUTH0_DOMAIN}/.well-known/jwks.json and the automated Setup Guide/auth0 CLI steps in references/setup.md that retrieve tenant/CLI outputs and even an install script), so the agent is expected to ingest and act on third‑party, user‑configurable web content that can materially change authentication/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The setup guide's automated install step fetches and executes a remote script at https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh (curl ... && sh /tmp/auth0-install.sh), which is invoked at runtime to install the Auth0 CLI and thus directly executes external code.