spectacles-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens arbitrary OAuth provider authorization URLs with DeepLinkModule.openUri, parses the provider-controlled redirect URI via DEEPLINK.onUriReceived, and calls third-party token endpoints with InternetModule.fetch (see SKILL.md and references/OAuth2.md), so untrusted external content directly influences the agent's authorization flow and subsequent actions.