better-auth-setup
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs the agent to fetch content via curl from 'https://fullstackrecipes.com/api/recipes/better-auth-setup' and references an MCP resource URI from the same domain. This domain is not a trusted source, and downloading setup recipes from unverified third parties is a security risk.
- [PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection. (1) Ingestion points: Data enters the agent context through the curl command to an external API. (2) Boundary markers: Absent; the skill does not use delimiters to wrap the fetched content. (3) Capability inventory: The intended use case (setup) requires command execution and file-write permissions. (4) Sanitization: Absent; the fetched content is not validated or filtered before processing.
Audit Metadata