nextjs-authentication
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Category: DATA_EXFILTRATION
Full Analysis
- Data Exposure & Exfiltration (LOW): The configuration examples for GitHub, Google, and Discord include the 'allowDangerousEmailAccountLinking: true' setting. This feature allows account linking based on email address without verification from the provider, which can be exploited for account takeover if an attacker can control an email on a linked provider.
- Data Exposure & Exfiltration (LOW): The JWT callback implementation performs a network request to 'https://oauth2.googleapis.com/token' to refresh access tokens. While this is a legitimate OAuth flow, the domain is not included in the pre-approved whitelist for network operations.
Audit Metadata