better-auth

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill guides the user to install well-known and trusted packages from the official NPM registry, such as better-auth, @auth/drizzle-adapter, drizzle-orm, and official NestJS/Next.js dependencies. No downloads from untrusted or unknown third-party sites were detected.
  • [PROMPT_INJECTION]: The instructions use standard natural language for developer guidance. No patterns suggesting an attempt to override system prompts, bypass safety filters, or extract sensitive instructions were found.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transfer or exfiltration of sensitive files (e.g., SSH keys, AWS credentials) was found. The skill follows the best practice of using environment variables for secrets and provides a template (assets/env.example) without hardcoded credentials.
  • [REMOTE_CODE_EXECUTION]: The skill does not contain dangerous execution patterns like curl | bash or the use of eval() on untrusted input. Tool usage is restricted to standard development tasks like database migrations using drizzle-kit.
  • [COMMAND_EXECUTION]: Command usage is limited to standard package management and database migration tools, which are essential for the skill's primary purpose of setting up an authentication system.
  • [SAFE]: The skill includes explicit security warnings and best practices, such as requiring HTTPS for production, never committing secrets to version control, and using rate limiting for authentication endpoints.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 11:23 PM