webhook-template-builder
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `WebFetch` to retrieve API documentation from external URLs provided by the user. This is a core part of the 'build' workflow to extract payload structures and authentication requirements.
- [COMMAND_EXECUTION]: Employs a local `python3` one-liner to perform URL encoding on JSON strings before they are sent to the Lytics API in the query string. This is a standard utility usage for data formatting.
- [PROMPT_INJECTION]: As the skill ingests content from external documentation sites to inform its code generation process, it possesses an indirect prompt injection surface. This is mitigated by the 'Research-Driven Authoring Flow' which includes explicit steps (Step 4 and Step 7) to surface inferred configurations and drafted code to the user for review before any state-changing API calls are made.
- [SAFE]: All write operations (`create`, `update`, `delete`) and the final 'save' in the build workflow are protected by a confirmation-gate pattern, requiring explicit user approval before execution.
Audit Metadata