better-auth
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the
better-authand@better-auth/clipackages via npm. As these do not originate from the defined list of trusted organizations, they are classified as unverifiable dependencies. - COMMAND_EXECUTION (LOW): The documentation includes instructions to execute CLI tools using
npxfor managing database schemas, which involves running external code. - NO_CODE (LOW): The main
SKILL.mdfile references an initialization script atscripts/better_auth_init.pythat was not included in the provided files, preventing a full security audit of its functional logic. - CREDENTIALS_UNSAFE (SAFE): Documentation examples use placeholders for sensitive environment variables like
BETTER_AUTH_SECRETand OAuth secrets. - PROMPT_INJECTION (SAFE): No malicious instructions or safety filter bypass attempts were detected in the skill files.
Audit Metadata