better-auth
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted external data and has significant write/execute capabilities.
  - Ingestion points: Step 2 and Step 3 load data from project_overview.md, common_patterns.md, and project-specific context.
  - Boundary markers: Absent. No delimiters are specified to protect the agent's logic from instructions embedded in context files.
  - Capability inventory: Generates security-critical authentication logic, OAuth provider configurations, and database migration files (e.g., via drizzle-kit).
  - Sanitization: Absent. No sanitization or validation of external context data is performed before interpolation into generated code.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install several Node.js packages (better-auth, drizzle-orm, drizzle-kit, kysely) that are not on the trusted source list. The absence of version pinning increases the risk of dependency-related attacks.
Recommendations
- AI detected serious security threats
Audit Metadata