implementing-scalekit-laravel-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and processes untrusted third-party auth data from the configured SCALEKIT_ENV_URL (see ScalekitClient methods like exchangeCodeForTokens, getUserInfo, validateTokenAndGetClaims and the callback flow that decodes/merges ID/access token claims and uses hasPermission), and those claims directly control permission checks and request routing (and JWTs are decoded without signature verification), so external content can materially influence agent behavior.