resend-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides templates and implementation guides for Resend webhooks. All code snippets for signature verification use industry-standard practices, specifically HMAC-SHA256 with timing-safe comparison to prevent side-channel attacks.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Hookdeck CLI via Homebrew (
brew install hookdeck/hookdeck/hookdeck) for local testing. This is the official tool from the skill's author and is a standard development practice. - [CREDENTIALS_UNSAFE]: Environment variable examples and test files use placeholders (
re_your_api_key_here,whsec_...) or explicitly marked test keys (test_secret_key_for_testing). No real secrets are exposed.
Audit Metadata