webhook-system
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an architectural blueprint for backend developers and does not contain any malicious executable code or instructions.
- [SAFE]: Promotes cryptographic best practices by recommending HMAC-SHA256 for payload signing and timestamping to mitigate replay attacks.
- [SAFE]: Includes specific security advice to prevent timing attacks by using `timingSafeEqual` for signature verification.
- [SAFE]: Identifies Server-Side Request Forgery (SSRF) as a critical failure mode and recommends validating that target URLs do not resolve to internal or private IP ranges.
- [SAFE]: Advises on secure secret management, suggesting that endpoint secrets be stored using encryption or a dedicated secret manager rather than in plaintext.
Audit Metadata