webhook-integration
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation guide for developers to implement webhook handling.
- [SAFE]: Code implementation examples correctly use environment variables for secrets rather than hardcoding sensitive credentials.
- [SAFE]: The provided code includes robust security logic, specifically HMAC signature verification using timing-safe comparisons to prevent timing attacks.
- [SAFE]: Includes timestamp freshness checks (5-minute tolerance) to protect against replay attacks.
- [SAFE]: External links point to the official vendor documentation at docs.dodopayments.com.
Audit Metadata