implementing-passwordless-authentication-with-fido2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts/agent.py includes check_rp_config(), which runs curl against a user-supplied rp_url (fetching /.well-known/webauthn), parses that arbitrary public JSON, and incorporates its findings into the generated audit report—so untrusted third-party content can directly influence the agent's outputs and decisions.