discord-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements best practices for webhook security by using Ed25519 signature verification. It correctly instructs users to use the raw request body for verification to avoid issues with JSON re-serialization.
- [EXTERNAL_DOWNLOADS]: The skill references legitimate libraries (discord-interactions, PyNaCl, tweetnacl) and the author's own CLI tool (hookdeck-cli). While some version numbers in the examples (e.g., next@^16.2.6, jest@^30.4.2) appear to be non-existent or futuristic, no malicious typosquatting was identified.
- [DATA_EXFILTRATION]: No hardcoded credentials or unauthorized data transmission patterns were found. Environment variables are correctly handled via placeholders.
- [PROMPT_INJECTION]: No prompt injection attempts or bypasses of safety guidelines were detected in the instructions.
Audit Metadata