auth0-quickstart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's required CLI installation step (references/cli.md) explicitly fetches a public install script via curl from raw.githubusercontent.com (https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh) and includes links to public Auth0 docs/forum that the workflow expects you to retrieve/review, meaning untrusted third-party content is ingested and can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's installation step explicitly downloads and runs a remote installer script (sh /tmp/auth0-install.sh) fetched from https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh, which executes remote code and is a required dependency for the CLI-based runtime commands.