webhook-integration

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides standard security best practices for webhook integration, including HMAC signature verification using constant-time comparisons (timingSafeEqual) to prevent timing attacks.
  • [SAFE]: The provided code examples use standard Node.js built-in modules (crypto) and documented integration patterns (Shared-Secret HMAC, SDK-based, and Round-Trip Verification).
  • [SAFE]: Network operations (fetch) are limited to the legitimate purpose of performing round-trip verification with a third-party provider's API.
  • [SAFE]: The skill correctly handles raw request bodies for signature verification before parsing JSON, preventing common signature mismatch vulnerabilities and re-serialization issues.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:35 AM
Security Audit — agent-trust-hub — webhook-integration