authentication

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "ASWebAuthenticationSession (OAuth)" section (SKILL.md) explicitly opens external provider URLs (e.g., https://provider.com/oauth/authorize) via ASWebAuthenticationSession and parses callback URLs/authorization codes as part of its auth flow, which means it fetches and interprets content from third-party web sites that can materially influence subsequent actions.