better-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The required runtime workflow is the auth route handler (e.g., toNextJsHandler(auth) / toNodeHandler(auth) / auth.handler(...)) which ingests the incoming HTTP request body/headers from the caller; this is outsider-authored free text (user-controlled) that can be parsed and included in LLM context via any downstream logging/AI tooling, so indirect prompt-injection risk exists.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The documentation explicitly lists a scoped package "@better-auth/stripe" described as "Stripe payments". That indicates a dedicated integration for a payment gateway (Stripe), which is a specific tool/API for processing payments and therefore enables direct financial execution capability. Even though the library's primary focus is authentication, the presence of a Stripe payments plugin meets the criteria for direct financial execution.