heartwood-auth
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill documentation includes absolute local filesystem paths:
/Users/autumn/Documents/Projects/GroveAuth/GROVEAUTH_SPEC.mdand/Users/autumn/Documents/Projects/GroveAuth/docs/OAUTH_CLIENT_SETUP.md. While these appear to be internal development references, they expose the directory structure and username of the developer's environment. - [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted external data, creating an indirect prompt injection surface.
- Ingestion points: Authentication session tokens are read from cookies (
better-auth.session_token), and structured data is fetched from the Heartwood API (auth-api.grove.place). - Boundary markers: Code snippets do not demonstrate the use of delimiters or specific instructions to ignore embedded commands within the processed authentication data.
- Capability inventory: The skill utilizes network capabilities via the
fetchAPI and interacts with application state (event.locals). - Sanitization: The provided examples do not include explicit sanitization or validation logic for the user and session data returned from the API.
- [SAFE]: All referenced network domains (
heartwood.grove.place,auth-api.grove.place) belong to the vendor's ecosystem. - [SAFE]: The software package referenced (
@autumnsgrove/lattice) is a vendor-owned resource consistent with the author's identity.
Audit Metadata