clerk-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious code, obfuscation, or data exfiltration patterns were detected in the skill instructions or example code.
- [EXTERNAL_DOWNLOADS] (SAFE): All identified dependencies are standard, reputable libraries for the respective ecosystems (e.g.,
svix,standardwebhooks,fastapi,next). - [PROMPT_INJECTION] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found.
- [DATA_EXFILTRATION] (SAFE): No unauthorized data access, hardcoded secrets, or network sends to non-whitelisted domains were found. Secret placeholders are properly documented for user configuration.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from Clerk webhooks. However, it implements and documents rigorous signature verification (HMAC-SHA256) and timestamp validation to prevent processing unauthorized or replayed payloads.
- [COMMAND_EXECUTION] (SAFE): No arbitrary command execution or shell injection patterns were identified.
Audit Metadata