Skills
skills/hookdeck/webhook-skills/mailgun-webhooks/Gen Agent Trust Hub

mailgun-webhooks

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides secure implementation patterns for verifying Mailgun webhooks, which differ from other providers by placing the signature within the request body.
  • [SAFE]: Code examples correctly implement timing-safe equality checks (crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python) to mitigate timing attacks during signature verification.
  • [SAFE]: Documentation and code examples promote the use of environment variables for storing sensitive Mailgun signing keys, following standard security practices.
  • [SAFE]: The skill provides guidance on preventing replay attacks by caching and checking the unique token provided in each Mailgun webhook payload.
  • [EXTERNAL_DOWNLOADS]: The README files reference npx hookdeck-cli for local development. This is a legitimate tool provided by the author (Hookdeck) and is used for its intended purpose of tunneling webhooks for testing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 07:14 AM