implementing-scalekit-fastapi-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests external, untrusted content from the Scalekit environment (configured via SCALEKIT_ENV_URL) using scalekit_client.exchange_code_for_tokens, get_user_info, and validate_access_token in /auth/callback and related flows, and those returned claims/roles/permissions are directly used for permission checks and routing (e.g., has_permission, require_permission), so third-party data can materially influence behavior.