fusionauth-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious behavior, prompt injections, or data exfiltration patterns were detected across the analyzed files.
- [DATA_EXPOSURE] (SAFE): Example environment files use placeholders for secrets, and the documentation correctly advises users to manage their HMAC signing keys securely.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines handlers for external webhook data. Ingestion points occur at the POST /webhooks/fusionauth endpoint in main.py, src/index.js, and route.ts. Capabilities are limited to event logging. Sanitization is strictly enforced through mandatory JWT signature verification using the HS256/384/512 algorithms.
Audit Metadata