nuxt-better-auth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior or bypass safety filters. All instructions are focused on module implementation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive data access patterns were detected. The documentation correctly identifies the use of environment variables like BETTER_AUTH_SECRET with placeholders.
- External Downloads & RCE (SAFE): The skill references standard installations via npm/pnpm for known packages. There are no piped bash scripts or unverified remote execution patterns.
- Indirect Prompt Injection (SAFE): The skill identifies user input surfaces such as redirect parameters. It includes a specific section on 'Safe Redirects' that provides code to validate and sanitize these inputs, demonstrating a security-first approach.
- Persistence and Privilege Escalation (SAFE): No commands for modifying system startup files, cron jobs, or escalating user privileges were found.
- Dynamic Execution (SAFE): No unsafe use of eval(), exec(), or runtime code generation from untrusted sources was identified.
Audit Metadata