better-auth
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install better-auth and @better-auth/cli. These packages are not hosted within the predefined list of trusted GitHub organizations or repositories.
- [COMMAND_EXECUTION] (MEDIUM): The skill references a Python script (scripts/better_auth_init.py) for configuration initialization and CLI tools for database migrations. The absence of the Python script's source code prevents a security audit of its runtime behavior.
- [PROMPT_INJECTION] (MEDIUM): The skill implements authentication flows that ingest untrusted user data (e.g., email, names, social profiles), which is subsequently written to a database and used for session management. This creates a surface for indirect prompt injection if the agent later processes this stored data.
- Ingestion points: User input fields in the signUp.email, signIn.email, and signIn.social methods.
- Boundary markers: No specific boundary markers or 'ignore' instructions for user-provided strings are included in the code snippets.
- Capability inventory: The framework performs database writes, session creation, and executes CLI commands for schema generation.
- Sanitization: The provided examples lack explicit input sanitization or validation logic for the ingested strings.
Audit Metadata