better-auth
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational reference and template provider for the 'Better Auth' library, promoting the use of standard security middlewares.
- [PROMPT_INJECTION]: The metadata description includes discovery-focused steering instructions ('ALWAYS LOAD THIS SKILL when user asks about: auth...') which are intended to provide relevant context to the agent rather than bypassing security protocols or overriding core safety guidelines.
- [CREDENTIALS_UNSAFE]: The provided code snippets demonstrate secure practices by referencing environment variables (e.g., BETTER_AUTH_SECRET, BETTER_AUTH_URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) instead of using hardcoded plaintext credentials.
- [COMMAND_EXECUTION]: No patterns for shell command execution, subprocess calls, or unauthorized system access were identified in the skill content.
- [EXTERNAL_DOWNLOADS]: The skill references standard library imports from established npm packages (e.g., better-auth) and local project modules (@project/common), which is consistent with its stated purpose.
Audit Metadata