The Agent Skills Directory

[SAFE]: The skill provides documentation and code examples for implementing webhook handlers. It correctly emphasizes security best practices such as signature verification using HMAC-SHA256 and timing-safe comparisons to prevent timing attacks.
[SAFE]: All environment variable references (e.g., HITPAY_SALT, HITPAY_API_KEY) use placeholders and follow standard secret management practices.
[SAFE]: The script scripts/verify-webhook.sh is benign and only serves to output code samples for different development frameworks.

webhook-handler