auth-state-sync
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate code patterns for handling authentication state in web applications. It correctly identifies security considerations such as token storage (localStorage vs. httpOnly cookies) and race conditions during token refresh.
- [SAFE]: The code utilizes standard web APIs (BroadcastChannel, window.addEventListener('storage')) to communicate between browser tabs on the same origin.
- [SAFE]: The skill references the 'jwt-decode' library, which is a standard, well-known utility for parsing JSON Web Tokens. It does not attempt to execute remote scripts or download unverified code.
- [SAFE]: No evidence of data exfiltration, credential harvesting, or prompt injection was found. The patterns described are educational and align with common frontend development workflows.
Audit Metadata