implementing-scalekit-go-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill makes runtime calls to external Scalekit/IdP services and ingests JWTs and claims (e.g., AuthenticateWithCode/resp.AccessToken in CallbackHandler, ValidateAccessToken/RefreshAccessToken and decodeJWTPayload in SessionHandler, and GetIdpInitiatedLoginClaims using c.Query("idp_initiated_login") in IdpInitiatedLoginHandler), and those untrusted third-party/user-issued claims are parsed and used to drive redirects and authorization decisions.