webhook-dx-audit

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Comprehensive analysis of the skill's instructions, scripts, and schemas confirms that it operates as intended for its stated purpose. It focuses on data collection, scoring against a rubric, and report generation.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes established and trusted Node.js libraries for its linter, including ajv for schema validation and js-yaml for YAML parsing. It refers to legitimate external sites such as eventdestinations.org for industry benchmarking.
  • [COMMAND_EXECUTION]: The linter script (scripts/lint-audit.mjs) is a utility for validating the output YAML files. It is invoked via standard npm scripts and performs safe file system operations to read local schemas and audit files.
  • [PROMPT_INJECTION]: The SKILL.md file provides detailed instructional guidance for the agent's persona. It does not contain any attempts to bypass safety filters, jailbreak the model, or exfiltrate system instructions.
  • [DATA_EXFILTRATION]: The skill is designed to handle audit data locally. While it instructs the agent to capture webhook payloads, this data is structured into local audit files for the user's review and is not transmitted to unauthorized third-party servers.
  • [DYNAMIC_CONTEXT_INJECTION]: The skill does not utilize any dynamic shell execution placeholders within its markdown instructions that could be exploited for command injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 07:02 AM
Security Audit — agent-trust-hub — webhook-dx-audit