webhook-transforms
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from external, untrusted sources such as SMS, meeting transcripts, and social media mentions via webhooks. This creates a surface for indirect prompt injection where malicious instructions embedded in the webhook payloads could influence the agent's behavior or poison the knowledge base (brain pages) for future tasks.
- Ingestion points: Webhook JSON payloads from external services (SKILL.md).
- Boundary markers: While the skill specifies stripping HTML and escaping script content, it does not define clear delimiters or natural language instructions to ignore embedded commands within the text bodies of the events.
- Capability inventory: The skill uses
put_pageandadd_timeline_entryto write processed data into the agent's persistent knowledge base (SKILL.md). - Sanitization: The skill includes explicit instructions for HTML stripping and script escaping, which mitigates technical injection (XSS) but does not prevent natural language prompt injection.
Audit Metadata