better-auth
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): A significant indirect prompt injection surface was identified. 1. Ingestion points: sign-up/sign-in methods and OAuth profiles (e.g., signUp.email, mapProfile). 2. Boundary markers: Absent in provided templates. 3. Capability inventory: Database migrations (npx @better-auth/cli migrate) and file generation (npx @better-auth/cli generate). 4. Sanitization: Not explicitly implemented in the skill.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill instructs the installation of the better-auth package and its CLI; as the source organization is not on the trusted list, these are considered unverifiable external dependencies.
- [Command Execution] (MEDIUM): Skill documentation recommends running CLI commands from the better-auth package, which involves executing code from an unverified external source.
- [Metadata Poisoning] (LOW): The referenced setup script 'scripts/better_auth_init.py' is missing from the package, which is a minor metadata inconsistency.
Recommendations
- AI detected serious security threats
Audit Metadata