migrate-to-better-auth
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands to verify the migration, including `npx tsc --noEmit` and `npm test`. It also provides a `curl` command targeting `localhost:3000` to perform a smoke test on the new authentication endpoints, which is a standard practice for local development validation.
- [EXTERNAL_DOWNLOADS]: The skill points users to the official documentation at `better-auth.com` and utilizes the library's official CLI via `npx @better-auth/cli` for schema generation. These references target the legitimate infrastructure of the 'better-auth' project.
- [PROMPT_INJECTION]: As a migration tool, the skill naturally ingests existing project code to generate refactoring plans, which constitutes a surface for indirect prompt injection.
  - Ingestion points: The skill audits the existing authentication library configuration, database schema files, and seed data scripts to build a migration context (SKILL.md).
  - Boundary markers: No specific delimiters or instructions are used to separate user-provided code from the agent's internal instructions.
  - Capability inventory: The skill uses the `/refactor-codebase` tool to write files and executes local shell commands for project testing (SKILL.md).
  - Sanitization: The skill does not describe any specific sanitization or validation logic for the code it reads before processing it.
- [SAFE]: The `REFERENCE.md` file follows secure practices for managing environment variables by using descriptive placeholders (e.g., `BETTER_AUTH_SECRET=`) and explicitly warning users to keep these values private, rather than hardcoding sensitive credentials.
Audit Metadata