The Agent Skills Directory

[SAFE]: The skill explicitly instructs the agent to implement HMAC-SHA256 signature verification (e.g., Stripe-Signature, X-Hub-Signature-256) to ensure the authenticity of incoming webhook requests.
[SAFE]: It promotes the use of idempotency keys and storage (Redis/Database) to prevent replay attacks and duplicate processing of the same event.
[SAFE]: The implementation guide includes mandatory steps for input validation and schema enforcement to protect against malformed payloads.
[SAFE]: Asynchronous processing is recommended to prevent gateway timeouts, which helps maintain service availability and resilience against Denial of Service (DoS) via slow-processing payloads.

creating-webhook-handlers