lucia-auth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The maintenance script
scripts/fetch-resources.shclones documentation from the officiallucia-authandpilcrowOnPaperGitHub repositories. While these are external, they are the authoritative sources for the skill content and the script is intended for developer maintenance rather than runtime execution. - [DATA_EXFILTRATION] (SAFE): The templates include network operations to well-known, legitimate endpoints (api.pwnedpasswords.com, googleapis.com, and github.com) for password safety checks and OAuth flows. These operations are implemented correctly and do not exfiltrate sensitive data.
- [PROMPT_INJECTION] (SAFE): The skill contains instructional guidance for the agent that is aligned with its stated purpose. No behavior overrides or safety bypass attempts were found.
Audit Metadata