poke-webhooks
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill emphasizes secure credential management, directing users to store sensitive tokens and API keys in environment variables or dedicated secret managers rather than hardcoding them.
- [SAFE]: The instructions in 'references/payload-shape.md' include explicit safety guidelines to exclude secrets and PII from webhook payloads, which is a critical practice for preventing data leaks.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or unauthorized remote code execution were identified in the implementation snippets provided for Vercel, GitHub Actions, or cron jobs.
- [SAFE]: The network operations documented (via the 'poke' SDK and 'curl') are restricted to the intended webhook functionality and do not exhibit signs of data exfiltration.
Audit Metadata