github-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements GitHub signature verification using HMAC SHA-256 with timing-safe comparisons (crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python), protecting against timing attacks.
- [SAFE]: Environment variable examples and configuration guides use placeholders for secrets (your_webhook_secret_here), following safe credential management practices.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Hookdeck CLI via Homebrew (hookdeck/hookdeck/hookdeck) for local development. This is a vendor-controlled tool intended for the skill's primary purpose.
- [EXTERNAL_DOWNLOADS]: The provided implementation examples include standard dependencies from official registries (npm and PyPI), such as express, next, and fastapi.
Audit Metadata