add-webhook
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the user to execute
modal deploy execution/modal_webhook.py. This command pushes local code to a cloud environment for execution. - [EXTERNAL_DOWNLOADS]: The skill references endpoints on the
modal.rundomain. This is a well-known cloud computing service used for the skill's primary functionality. - [CREDENTIALS_UNSAFE]: The documentation specifies that
MODAL_TOKEN_IDandMODAL_TOKEN_SECRETare required from the Modal dashboard. These are necessary for authenticated communication with the platform and are not hardcoded within the skill. - [REMOTE_CODE_EXECUTION]: The skill is designed to facilitate the execution of logic on remote Modal infrastructure via webhook triggers.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from directive files and webhook inputs.
- Ingestion points:
directives/*.mdfiles and theslugquery parameter in the execution endpoint. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided template.
- Capability inventory: Includes code deployment (
modal deploy) and tool usage (send_email,read_sheet,update_sheet). - Sanitization: No sanitization or validation logic is specified for the inputs or directive content.
Audit Metadata