The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill interacts with official and trusted Google OAuth 2.0 endpoints (accounts.google.com and googleapis.com) for authentication and user profile retrieval, which is the primary purpose of the skill.- [SAFE]: Sensitive credentials such as Google Client IDs and Secrets are managed through Cloudflare's secret management system rather than being hardcoded in the source code.- [SAFE]: The provided templates implement industry-standard security controls, including HttpOnly cookies with the __Host- prefix for CSRF protection, session binding via SHA-256 hashing to prevent token theft, and one-time-use state management stored in Cloudflare KV.- [SAFE]: Input sanitization is applied to external data retrieved from OAuth providers (e.g., client names and logos) before rendering them in the HTML-based approval dialogs to mitigate potential injection or XSS risks.- [SAFE]: The skill relies on established, reputable dependencies such as the official Model Context Protocol SDK, Cloudflare's OAuth provider package, and the Hono web framework.

MCP OAuth Cloudflare