SKILL-097 Emails and notifications Locked skill

Verification and reset emails

The email is the only place the raw token ever appears; the database stores its hash, and the copy never confirms whether an account exists.

Unlock download Unlock downloads

What this skill helps you build

Build and send the verify-email and password-reset messages that carry a single-use, expiring, hashed token — without leaking who has an account.

The production takeaway

The email is the only place the raw token ever appears; the database stores its hash, and the copy never confirms whether an account exists.

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

Emails and notifications

What this helps you build

The two transactional emails almost every app sends — verify your email and reset your password — built so they are actually safe. Each message carries a one time link with a high

🔒

Emails and notifications

When to use this

Reach for this whenever your app emails a link that grants the recipient some privilege by clicking it: Email verification after sign up or when a user changes their address. Passw

🔒

Emails and notifications

The core idea

A verification or reset email is a bearer token delivered out of band . Whoever holds the link can act, so the link must be hard to guess, usable once, and short lived. The single

🔒

Unlock the full implementation

Paid access includes the complete skill body, implementation prompt, common mistakes, production checklist, and code examples where this skill includes them.

Unlock all skills — $199 Browse the library