auth0-swift-major-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow fetches v3 SDK Swift source from public GitHub raw URLs (e.g., curl -sf https://raw.githubusercontent.com/auth0/Auth0.swift/${TAG}/Auth0/CredentialsManager.swift in Step 3), which is outsider-authored free text ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime fetches of the Auth0 SDK (e.g. https://api.github.com/repos/auth0/Auth0.swift/releases and https://raw.githubusercontent.com/auth0/Auth0.swift/${TAG}/Auth0/) and uses the fetched source as the authoritative signatures that directly control migration decisions, so these remote URLs are runtime dependencies that can change the agent's instructions.