better-auth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues were identified in the analyzed content. The skill consists of legitimate documentation, configuration examples, and environment setup guides for the Better Auth authentication framework.
- Indirect Prompt Injection (SAFE): The skill documentation describes patterns for ingesting and mapping external user profile data from OAuth providers (e.g., GitHub, Google).
  - Ingestion points: OAuth profile mapping logic in references/oauth-providers.md.
  - Boundary markers: Absent in provided code snippets.
  - Capability inventory: Documentation mentions shell commands (npm, npx) for package management and database migrations in SKILL.md.
  - Sanitization: Implementation dependent; example logic shows raw data mapping to user fields, which is standard for authentication setups but relies on downstream sanitization.
Audit Metadata