csrf-protection
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a security implementation guide for web developers, providing templates for synchronizer tokens and double-submit cookie patterns.
- [SAFE]: Code snippets utilize secure defaults, such as timing-safe string comparisons via Node.js crypto.timingSafeEqual and Python hmac.compare_digest to prevent side-channel attacks.
- [SAFE]: The implementation guidance correctly identifies and mitigates vulnerabilities by recommending the enforcement of HttpOnly, Secure, and SameSite cookie attributes.
Audit Metadata