auth-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns, obfuscation, or unauthorized data exfiltration techniques were detected.
- [Authentication Standards] (INFO): The skill correctly implements and promotes modern security standards:
  - Password Security: Recommends Argon2id over older algorithms like bcrypt or SHA-256.
  - OAuth 2.1: Mandates Proof Key for Code Exchange (PKCE) and deprecates insecure grants (Implicit/Password).
  - Token Management: Implements short-lived JWT access tokens and secure refresh token rotation flows.
- [Credential Safety] (INFO): Code templates consistently use environment variable lookups (e.g., os.environ.get("JWT_SECRET_KEY")) for secrets rather than hardcoded values.
- [Defensive Headers & Config] (INFO): Includes comprehensive examples for security headers (HSTS, CSP, X-Frame-Options) and secure session cookie configurations (HTTPOnly, Secure, SameSite=Strict).
- [Infrastructure Hygiene] (INFO): Properly addresses rate limiting for sensitive endpoints like login and password resets using Redis-backed implementation patterns.
Audit Metadata