better-auth

Warn

Audited by Snyk on Feb 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill documentation (references/authentication.md) explicitly shows using genericOAuth with a discoveryUrl (e.g., "https://provider.com/.well-known/openid-configuration"), which means the runtime will fetch and parse OpenID Connect provider metadata from arbitrary third-party URLs — untrusted external content that the system reads and that can materially change authentication behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly lists a scoped package "@better-auth/stripe" described as "Stripe payments" — a specific payment-gateway integration. Even though the core library is for auth, the presence of a dedicated Stripe payments integration is a clear, specific financial tool (payment gateway) and therefore meets the Direct Financial Execution criteria.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 09:22 PM