building-mcp-server-on-cloudflare

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • Secure Secret Management: The skill provides clear instructions on using the wrangler secret command to manage sensitive information such as GITHUB_CLIENT_SECRET. This prevents credentials from being hardcoded in source code or configuration files.
  • Input Sanitization and Validation: Documentation and code examples emphasize the importance of sanitizing client-controlled input. They demonstrate using the Zod library for schema validation of tool parameters, which helps mitigate potential injection vulnerabilities in the resulting MCP servers.
  • Defense-in-Depth for Authentication: The reference material includes detailed implementation guides for security headers (CSP), CSRF protection via secure cookies, and state management in OAuth flows. These practices ensure that servers built using these templates are resilient against common web-based attacks.
  • Trusted Infrastructure and Tooling: All recommended commands (e.g., npm create cloudflare@latest) and external resource links point to official Cloudflare or Model Context Protocol domains and repositories, ensuring a secure supply chain for developers.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 05:23 PM