authentication
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents industry-standard security practices for authentication, such as using memory-hard hashing algorithms (Argon2id) and timing-safe comparisons for secret verification.
- [SAFE]: Instructions for JWT handling correctly prioritize signature verification and recommend short-lived access tokens combined with rotated refresh tokens in httpOnly cookies to mitigate XSS and token theft.
- [SAFE]: The skill contains accurate warnings about known historical vulnerabilities, such as the Okta 2022 bcrypt truncation incident, and provides remediation strategies for legacy hash migration.
- [SAFE]: Analysis found no evidence of prompt injection, data exfiltration, obfuscation, or remote code execution. External references are limited to well-known APIs (HaveIBeenPwned) and internal documentation.
Audit Metadata