webhook-dx-audit
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the skill's instructions, scripts, and schemas confirms that it operates as intended for its stated purpose. It focuses on data collection, scoring against a rubric, and report generation.
- [EXTERNAL_DOWNLOADS]: The skill utilizes established and trusted Node.js libraries for its linter, including
ajvfor schema validation andjs-yamlfor YAML parsing. It refers to legitimate external sites such aseventdestinations.orgfor industry benchmarking. - [COMMAND_EXECUTION]: The linter script (
scripts/lint-audit.mjs) is a utility for validating the output YAML files. It is invoked via standard npm scripts and performs safe file system operations to read local schemas and audit files. - [PROMPT_INJECTION]: The
SKILL.mdfile provides detailed instructional guidance for the agent's persona. It does not contain any attempts to bypass safety filters, jailbreak the model, or exfiltrate system instructions. - [DATA_EXFILTRATION]: The skill is designed to handle audit data locally. While it instructs the agent to capture webhook payloads, this data is structured into local audit files for the user's review and is not transmitted to unauthorized third-party servers.
- [DYNAMIC_CONTEXT_INJECTION]: The skill does not utilize any dynamic shell execution placeholders within its markdown instructions that could be exploited for command injection.
Audit Metadata