better-auth

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow includes social OAuth and generic-OAuth discovery/userinfo fetches (see SKILL.md socialProviders sections and references/cloudflare-worker-drizzle.ts / references/cloudflare-worker-kysely.ts) which ingest public third-party user profile and discovery JSON (user-generated/untrusted) and use that data to create sessions and drive authorization flows, so external content can materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes a "Stripe" plugin and repeatedly references Stripe-specific payment/subscription functionality (e.g., "Stripe: Payment and subscription management", "Stripe enhancements: flexible subscription lifecycle, disableRedirect option", and "Stripe" listed under Advanced Plugins). Stripe is a payment gateway; this is a specific financial integration (not a generic HTTP or browser tool). Because it exposes payment/subscription management capabilities tied to a concrete gateway, it grants direct financial execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:48 AM