relay
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a comprehensive framework for building messaging adapters for platforms like Slack, Discord, and Telegram, prioritizing transport-level reliability and data integrity.
- [SAFE]: It mandates industry-standard security measures for webhooks, including HMAC-SHA256 verification using raw request bytes and timing-safe comparison logic (e.g., crypto.timingSafeEqual) to prevent timing attacks.
- [SAFE]: The instructions emphasize proper secret management, explicitly warning against hardcoding credentials and recommending the use of environment variables or secret managers.
- [SAFE]: The skill identifies and provides mitigation guidance for potential security risks such as replay attacks (via timestamp validation windows) and injection risks in third-party markdown parsers (e.g., Slack/Discord formatting).
- [SAFE]: All identified Node.js dependencies (e.g., discord.js, @slack/bolt, grammy) are established, well-known, and reputable libraries within the messaging and bot development ecosystem.
Audit Metadata