betterauth-fastapi-jwt-bridge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns, prompt injections, or security vulnerabilities were detected across the analyzed files.
- Authentication & Authorization (SAFE): The skill includes robust security measures. assets/auth_dependencies.py implements verify_user_access, which ensures users can only access resources belonging to their own UUID, effectively preventing Insecure Direct Object Reference (IDOR) attacks.
- JWT Verification (SAFE): assets/jwt_verification.py properly verifies JWT signatures using public keys fetched from a JWKS endpoint, validates standard claims (issuer, audience, expiration), and uses the modern EdDSA algorithm.
- Data Handling (SAFE): Database migrations in assets/better_auth_migrations.py follow standard Alembic/SQLAlchemy patterns. There is no evidence of hardcoded credentials or unsafe data processing.
Audit Metadata