security-auth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains instructions that reinforce security best practices and does not attempt to bypass safety guidelines or override agent behavior.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file access patterns were found. The examples for 'bad' code use dummy values, and 'good' code templates correctly utilize environment variables.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Referenced libraries such as next-auth, bcrypt, zod, and @upstash/ratelimit are well-known, industry-standard packages. No remote scripts are downloaded or executed.
- [Dynamic Execution] (SAFE): The code snippets provided do not use unsafe execution patterns like eval() or runtime compilation. It correctly recommends constant-time comparison for token validation.
Audit Metadata