better-auth
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions found attempting to override agent behavior, bypass safety filters, or extract system prompts. Instructional language is strictly technical and educational.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file access patterns were detected. Examples consistently use environment variables and placeholders for secrets such as DATABASE_URL and BETTER_AUTH_SECRET.
- [Obfuscation] (SAFE): No use of Base64-encoded commands, zero-width characters, homoglyphs, or other obfuscation techniques. All code and documentation are in plain text.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Dependencies mentioned are standard, reputable packages (e.g., better-auth, drizzle-orm, prisma). No scripts attempt to download and pipe remote content into a shell.
- [Indirect Prompt Injection] (INFO): The skill provides utility scripts that ingest external input: test-auth-health.sh (Base URL) and validate-config.ts (Config path). These represent a theoretical ingestion surface; however, their capabilities (curl requests and local file reading) are transparently implemented as developer-controlled validation tools and do not represent a malicious pattern.
Audit Metadata