express-oauth2-jwt-bearer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch the latest release tag from GitHub (gh api repos/auth0/node-oauth2-jwt-bearer/releases/latest) and use that external, public value in dependency declarations, meaning untrusted third‑party content (a public GitHub API response) is ingested and used to determine subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill contains an explicit runtime fetch—"gh api repos/auth0/node-oauth2-jwt-bearer/releases/latest --jq '.tag_name'" (https://api.github.com/repos/auth0/node-oauth2-jwt-bearer/releases/latest)—whose returned value is required and used to populate dependency versions in the agent's instructions, i.e., an external response directly controls the agent's output.