editframe-webhooks
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill provides legitimate documentation and code integration examples for Editframe's webhook API.
- [SAFE]: Proper cryptographic practices are demonstrated, including HMAC-SHA256 signature verification and timing-safe comparisons to ensure payload integrity and authenticity.
- [SAFE]: Security documentation explicitly instructs users on secure secret management, advising against hardcoding and recommending environment variables or secret managers.
- [SAFE]: Automated alerts on ngrok subdomains are treated as false positives: they match generic documentation placeholders used in the examples for ngrok, a well-known local development utility.
- [SAFE]: The skill includes instructions for implementing idempotency and timestamp validation, which are effective defenses against replay attacks and duplicate processing.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE