authgear-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No evidence of malicious instructions, jailbreak attempts, or safety filter bypasses were detected in the documentation or code comments.
- DATA_EXFILTRATION (SAFE): The skill handles authentication tokens and user information using standard SDK methods. No unauthorized network requests or exfiltration patterns to non-whitelisted domains were found. Sensitive data handling is limited to the intended authentication flow.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded secrets were detected. The skill uses placeholders (e.g., '<CLIENT_ID>', 'your_client_id_here') and explicitly instructs users to manage credentials via environment variables or BuildConfig for enhanced security.
- EXTERNAL_DOWNLOADS (SAFE): The references correctly identify official SDKs from reputable package registries (npm, pub.dev, JitPack). While the 'authgear' organization is not on the predefined trusted list, the packages are well-versioned and standard for the stated purpose of the skill.
- DYNAMIC_EXECUTION (SAFE): No use of eval(), exec(), or other unsafe dynamic code execution patterns was found. The React components use standard hooks and lifecycle methods for state management.
Audit Metadata