customerio-webhooks-events

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of documentation and code templates for integrating with a well-known SaaS provider. No malicious patterns, obfuscation, or unauthorized access attempts were detected.
  • [DATA_EXPOSURE]: The skill correctly instructs users to manage sensitive credentials (such as CUSTOMERIO_TRACK_API_KEY and CUSTOMERIO_WEBHOOK_SECRET) using environment variables rather than hardcoding them.
  • [INDIRECT_PROMPT_INJECTION]: The skill documentation addresses the ingestion of untrusted external data via webhooks. It provides robust mitigation patterns, including HMAC-SHA256 signature verification to ensure authenticity before processing payloads.
    • Ingestion points: Incoming POST requests to the /webhooks/customerio endpoint defined in SKILL.md.
    • Boundary markers: Uses x-cio-signature header with crypto.timingSafeEqual for verification.
    • Capability inventory: Code demonstrates user identification, suppression, and data warehouse streaming via official SDKs.
    • Sanitization: Signature verification is implemented to validate data origin.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 08:28 PM