oauth-flow
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational resource and implementation template for secure authentication workflows. It correctly identifies and mitigates common OAuth vulnerabilities like implicit flow usage, missing state parameters, and client secret exposure in front-end code.
- [PROMPT_INJECTION]: No malicious instructions, behavioral overrides, or safety bypass patterns were detected in the skill instructions or reference documentation.
- [DATA_EXFILTRATION]: There are no hardcoded credentials or unauthorized data collection mechanisms. The code templates use industry-standard practices such as environment variables for secrets and secure storage for session state.
- [EXTERNAL_DOWNLOADS]: The skill references standard OpenID Connect discovery endpoints and official provider URLs (e.g., Google, Microsoft, GitHub). These are well-known technology services and represent legitimate integration targets for the described functionality.
- [COMMAND_EXECUTION]: No shell commands, system calls, or dynamic code execution patterns are present in the documentation or scripts.