better-auth-knowledge-patch

Verdict: Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The references/agent-auth.md file includes an OpenAPI adapter example that fetches an OpenAPI spec from a URL at runtime (e.g., fetch("https://api.example.com/openapi.json")) and generates agent capabilities from it. Untrusted third-party content is therefore ingested at runtime, and whoever controls that URL, or can tamper with the response in transit, can change both the agent's tool set and the descriptive text the model reads, which is the classic indirect prompt injection surface.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The same OpenAPI adapter example performs a runtime fetch of an external spec that is then turned into agent capabilities (e.g., fetch("https://api.example.com/openapi.json")), so remote content directly controls agent behavior at runtime. Note that api.example.com is a documentation placeholder (the example.com domains are reserved for exactly that use), so the finding is about the pattern rather than that host: anyone who copies the example with a real URL inherits the risk unless the origin is allowlisted and the fetched spec is pinned or otherwise verified before it is converted into tools.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes a Stripe billing integration (@better-auth/stripe) and reference material about Stripe billing (subscriptions, organization billing, seat pricing, webhooks). This is a specific payment-gateway integration, not a generic API caller or browser automation, and therefore qualifies as direct financial execution capability. In practice the exposure depends on which Stripe credentials the agent's runtime can reach; restricted API keys and server-side webhook signature verification limit what a compromised agent could do with this capability.


Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 02:34 AM
Issues: 3