sendgrid-webhooks
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides secure implementation patterns for webhook handling, specifically emphasizing the use of ECDSA signature verification to validate the authenticity and integrity of incoming data from SendGrid.
- [EXTERNAL_DOWNLOADS]: Recommends installing the Hookdeck CLI tool via Homebrew for local testing. This utility is provided by the skill author for debugging webhook integrations.
- [CREDENTIALS_UNSAFE]: Hardcoded Elliptic Curve private and public keys are present within the test files (test_webhook.py, webhook.test.js, webhook.test.ts). These are clearly identified as test assets for unit testing the signature verification logic and are not production credentials.
- [PROMPT_INJECTION]: The skill defines handlers for external webhook data, creating an indirect prompt injection surface.
- Ingestion points: The POST /webhooks/sendgrid endpoint across all implementation examples.
- Boundary markers: Implements ECDSA signature verification to authenticate the request source.
- Capability inventory: Handlers are limited to logging and status-tracking logic; no shell execution or dynamic evaluation is performed on the data.
- Sanitization: Employs JSON parsing with error handling to validate payload structure.
Audit Metadata