fusionauth-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements robust security practices by requiring and demonstrating cryptographic signature verification (HS256/384/512) for all incoming webhook events using the 'jose' and 'PyJWT' libraries.
- [SAFE]: Code examples correctly emphasize the use of raw request bodies for signature verification to prevent tampering or parsing issues.
- [SAFE]: All external resource references, such as the Hookdeck CLI and GitHub repositories, are official vendor resources belonging to the skill's author ('hookdeck').
- [SAFE]: Dependency manifests (package.json, requirements.txt) contain only standard, well-known libraries from official registries at appropriate versions.
- [SAFE]: Environment variable management follows industry standards, using placeholders for secrets and recommending '.env' files for local configuration.
Audit Metadata