postmark-webhooks
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill focuses on legitimate integration with the Postmark email service, providing guidance on webhook setup, payload handling, and security verification.
- [EXTERNAL_DOWNLOADS]: References the official 'postmark' Node.js library and common frameworks like Express and Flask for building handlers. These are standard industry tools for the stated purpose.
- [CREDENTIALS_UNSAFE]: Correctly instructs users to manage sensitive data like API tokens and webhook secrets using environment variables (e.g.,
POSTMARK_SERVER_TOKEN,WEBHOOK_SECRET) rather than hardcoding them in scripts. - [DATA_EXFILTRATION]: Network operations are restricted to the official Postmark API domain (
api.postmarkapp.com). No suspicious data collection or exfiltration patterns were identified. - [COMMAND_EXECUTION]: The provided code snippets demonstrate standard API interactions and HTTP request handling without invoking arbitrary shell commands or unsafe execution patterns.
Audit Metadata