webhook-setup
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides comprehensive instructions for building secure webhook receivers, correctly emphasizing the use of HTTPS and environment variables for secret management.
- [SAFE]: Cryptographic signature verification is implemented using best practices, including constant-time comparisons and using the raw request body to prevent authentication bypass.
- [SAFE]: Idempotency logic using unique event IDs and database transactions effectively prevents duplicate processing and ensures system reliability.
- [PROMPT_INJECTION]: The skill ingests external data from webhook providers, creating a potential surface for indirect prompt injection where malicious instructions could be embedded in event payloads.
  - Ingestion points: External payloads are received via HTTP POST endpoints (e.g., /webhooks/stripe, /webhooks/github) defined in SKILL.md.
  - Boundary markers: The instructions do not specify explicit delimiters or isolation instructions to separate untrusted payload content from agent logic.
  - Capability inventory: Code examples demonstrate capabilities to perform database writes (pg), update orders, and trigger CI pipelines based on payload content.
  - Sanitization: SQL injection is mitigated via parameterized queries, but there is no explicit sanitization or filtering for natural language instructions within the JSON payload fields.