implementing-scalekit-go-auth

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install standard Go dependencies including the official Scalekit SDK (github.com/scalekit-inc/scalekit-sdk-go/v2) and well-known community packages like gin and jwt/v5. All sources are reputable and align with the skill's stated purpose.
  • [DATA_EXPOSURE]: The implementation handles sensitive authentication materials such as access tokens, refresh tokens, and client secrets. It correctly recommends using environment variables for secrets and provides specific guidance on using HttpOnly and Secure cookie flags to protect tokens in transit and at rest in the browser.
  • [SAFE]: The code examples incorporate several critical security controls:
    • CSRF Protection: Implements a state parameter containing a random token to prevent Cross-Site Request Forgery during the OAuth2 flow.
    • Open Redirect Prevention: Includes logic to validate the 'next' parameter, ensuring it is a relative path to prevent attackers from using the application as an open redirector.
    • Session Security: Specifically recommends SameSite=Lax and no-store Cache-Control headers to prevent session leakage and back-button vulnerabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 08:26 PM