auth0-android
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the latest SDK version information from Auth0's official GitHub repository using the GitHub CLI (
gh). This is a transparent process targeting a well-known service belonging to a trusted organization. - [EXTERNAL_DOWNLOADS]: The provided bootstrap script installs Node.js dependencies from a vendor-specific registry (
a0us.jfrog.io). This registry is consistent with the author's (Auth0) infrastructure and is used to fetch standard CLI utilities required for the bootstrap process. - [COMMAND_EXECUTION]: The bootstrap script (
bootstrap.mjs) automates project configuration by executing the Auth0 CLI (auth0) to create applications and database connections. It also usesnpmfor local dependency management. - [COMMAND_EXECUTION]: The skill instructs the agent to verify the integration by running
./gradlew assembleDebug, which is the standard build and verification command for Android projects. - [SAFE_PRACTICE]: The integration patterns promoted by the skill strictly adhere to security best practices, such as requiring PKCE (Proof Key for Code Exchange) for native authentication, utilizing encrypted credential storage via
SecureCredentialsManager, and enforcing validation of ID token claims.
Audit Metadata