line-liff
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation repository for the official LINE Front-end Framework (LIFF). It references official SDKs and APIs hosted on trusted domains such as line.me, line-scdn.net, and the official LINE GitHub organization.
- [SAFE]: Comprehensive security guidelines are provided, including instructions on protecting the Channel Secret, performing server-side JWT verification using HMAC-SHA256, and avoiding the logging of sensitive redirect URLs that contain access tokens.
- [SAFE]: Environment variables listed (e.g., LIFF_ID, CHANNEL_ACCESS_TOKEN) are correctly identified as placeholders for user-provided configuration and do not contain hardcoded credentials.
- [SAFE]: Development tools mentioned, such as the LIFF CLI and create-liff-app, are official packages from the @line namespace on NPM.
- [SAFE]: The skill uses clear, instructional language and does not contain any detected prompt injection, obfuscation, or malicious persistence mechanisms.
Audit Metadata