novu-inbox-integration
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill implements security-by-design by instructing developers to use HMAC (Hash-based Message Authentication Code) for subscriber authentication, effectively preventing identity impersonation in production environments.
- [SAFE]: Multi-tenant security is addressed through the use of canonicalized context hashes, ensuring that notification data remains isolated and tamper-resistant across different application environments or tenants.
- [SAFE]: Documentation provides critical security advisories concerning Cross-Site Scripting (XSS), specifically when using React's dangerouslySetInnerHTML for custom notification rendering, advising use only with trusted payloads.
- [EXTERNAL_DOWNLOADS]: Integration instructions involve standard installation of official vendor-supported packages (@novu/react, @novu/nextjs, @novu/js) from the public NPM registry.
Audit Metadata