elevenlabs-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Signature Verification (SAFE): The skill provides robust examples for verifying webhook authenticity. It recommends the official ElevenLabs SDK for Node.js/TypeScript and provides a secure manual implementation for Python/FastAPI using HMAC-SHA256 and timing-safe comparisons.
- Replay Attack Prevention (SAFE): All implementation examples include timestamp validation with a 30-minute tolerance window, effectively mitigating replay attacks.
- Data Handling (SAFE): The examples correctly utilize raw request bodies for verification before parsing JSON, ensuring the integrity of the signed payload is preserved.
- Dependency Management (SAFE): The skill references official SDKs and standard web frameworks. It includes a specific warning against using outdated, non-official packages.
- Environment Security (SAFE): Documentation and examples correctly advise using environment variables for sensitive signing secrets rather than hardcoding them.