auth
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes a proactive "Security Checklist" (Step 0) that instructs the agent to verify critical security measures before proceeding, including bcrypt/argon2 hashing, HTTPOnly cookies, CSRF protection, and rate limiting.
- [SAFE]: The payment implementation guidelines explicitly prohibit storing sensitive card information on the server and mandate the use of official SDKs and Webhook signature verification, aligning with PCI-DSS best practices.
- [SAFE]: The skill leverages well-known technology services (Clerk, Supabase Auth, and Stripe) for security-sensitive operations rather than implementing custom, potentially vulnerable protocols.
- [SAFE]: Instructions include information leakage prevention by advising the use of vague error messages to avoid revealing account existence or password validity to potential attackers.
Audit Metadata