postmark-webhooks

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill focuses on legitimate integration with the Postmark email service, providing guidance on webhook setup, payload handling, and security verification.
  • [EXTERNAL_DOWNLOADS]: References the official 'postmark' Node.js library and common frameworks like Express and Flask for building handlers. These are standard industry tools for the stated purpose.
  • [CREDENTIALS_UNSAFE]: Correctly instructs users to manage sensitive data like API tokens and webhook secrets using environment variables (e.g., POSTMARK_SERVER_TOKEN, WEBHOOK_SECRET) rather than hardcoding them in scripts.
  • [DATA_EXFILTRATION]: Network operations are restricted to the official Postmark API domain (api.postmarkapp.com). No suspicious data collection or exfiltration patterns were identified.
  • [COMMAND_EXECUTION]: The provided code snippets demonstrate standard API interactions and HTTP request handling without invoking arbitrary shell commands or unsafe execution patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 12:52 AM
Security Audit — agent-trust-hub — postmark-webhooks