kinde

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and interpreting content from external Kinde tenant endpoints (e.g., GET https://.kinde.com/.well-known/jwks, /oauth2/user_profile, and the management API at https://.kinde.com/api/v1) as part of token validation, permission/feature-flag checks, and runtime decision-making, which are untrusted third-party sources that can materially influence agent behavior.