golang-gin-auth
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements robust security measures for authentication and authorization. It provides code for password hashing using bcrypt with an appropriate cost (12), uses generic error messages during login to prevent account enumeration, and includes IP-based rate limiting to mitigate brute-force attacks.
- [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted Go packages (such as golang-jwt, google/uuid, and golang.org/x/crypto). It includes standard implementation patterns for fetching user profiles from official GitHub and Google APIs and verifying CAPTCHA tokens via Google and hCaptcha.
- [CREDENTIALS_UNSAFE]: The instructions emphasize the importance of never hardcoding secrets. They provide patterns for loading JWT signing keys and OAuth2 client secrets from environment variables and recommend the use of HttpOnly, Secure, and SameSite cookies for sensitive token storage.
- [DATA_EXFILTRATION]: No malicious data exfiltration patterns were detected. Network operations are limited to authenticated interactions with trusted OAuth2 and CAPTCHA providers as part of the primary skill functionality.
Audit Metadata