webhook-integration
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard security best practices for webhook integration, including HMAC signature verification using constant-time comparisons (
timingSafeEqual) to prevent timing attacks. - [SAFE]: The provided code examples use standard Node.js built-in modules (
crypto) and documented integration patterns (Shared-Secret HMAC, SDK-based, and Round-Trip Verification). - [SAFE]: Network operations (
fetch) are limited to the legitimate purpose of performing round-trip verification with a third-party provider's API. - [SAFE]: The skill correctly handles raw request bodies for signature verification before parsing JSON, preventing common signature mismatch vulnerabilities and re-serialization issues.
Audit Metadata