auth-md
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill is a documentation and utility tool for the auth.md protocol. A thorough review of all instructions and reference files reveals no malicious intent, obfuscation, or safety bypass attempts.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch the latest protocol specifications from well-known services such as WorkOS and auth-md.com. These downloads are restricted to Markdown-based documentation and are used to ensure the agent uses the most current standards.
- [PROMPT_INJECTION]: No prompt injection or jailbreak patterns were detected. The instructions maintain a professional focus on protocol validation and generation without attempting to subvert agent constraints.
- [DATA_EXFILTRATION]: While the skill includes workflows to scan codebase structures for API discovery, it does not contain mechanisms to exfiltrate this data. All identified network operations are directed at official protocol resources or public documentation.
- [CREDENTIALS_UNSAFE]: The reference files contain numerous examples of tokens and API keys such as 'acme_key_test_EXAMPLE'. These are clearly documented as non-functional examples for illustrative purposes, and no real credentials or sensitive configuration files are accessed or hardcoded.
Audit Metadata