gitlab-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides well-documented and secure implementations for receiving GitLab webhooks. It explicitly demonstrates how to perform timing-safe token comparison to prevent timing attacks, which is the correct security practice for this use case.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or sensitive tokens were found. The skill correctly instructs users to generate unique tokens locally using cryptographically secure methods (e.g., openssl) and store them in environment variables.
- [EXTERNAL_DOWNLOADS]: The skill references the 'hookdeck' CLI for local testing. This is a tool provided by the vendor 'hookdeck', the author of the skill. Other dependencies listed in the example projects are standard libraries from official registries (npm and PyPI).
- [COMMAND_EXECUTION]: The skill does not contain any suspicious or arbitrary command execution patterns. Instructions for local development use standard project setup commands and vendor-specific tooling intended for the skill's stated purpose.
Audit Metadata