better-auth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 2: Data Exposure & Exfiltration (SAFE): The documentation correctly identifies the need for secrets like 'BETTER_AUTH_SECRET' but uses placeholders and environment variables (e.g., process.env.GITHUB_CLIENT_SECRET) rather than hardcoding credentials.\n- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): Installation instructions point to the legitimate 'better-auth' npm package. Commands such as 'npx @better-auth/cli' are standard for the framework's operation and do not involve piped remote execution.\n- Category 7: Metadata Poisoning (SAFE): Skill metadata is consistent with the provided documentation and library purpose.\n- General Observation: A Python initialization script is referenced in the documentation but was not included in the provided files; however, the associated 'requirements.txt' contains only standard testing utilities (pytest).
Audit Metadata