cloudevents
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides technical guidance for implementing the CloudEvents specification, an industry standard for event metadata. It includes detailed validation checklists and serialization examples in multiple languages (TypeScript, Python, Go) that align with best practices for spec compliance.- [SAFE]: Regarding Indirect Prompt Injection (Category 8), the skill facilitates the ingestion of external event data, which is its primary technical purpose. It incorporates security mitigations by requiring strict schema validation of context attributes and recommending encryption for sensitive data payloads. 1. Ingestion points: Webhook payloads and HTTP/Kafka headers (SKILL.md, references/spec-quick-ref.md). 2. Boundary markers: Mandatory validation of four required attributes (specversion, id, source, type) and content-type checks. 3. Capability inventory: Network requests via fetch and JSON parsing. 4. Sanitization: Implementation of percent-decoding for headers and standard JSON parsing.
Audit Metadata