hookdeck-event-gateway-webhooks

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive data were found. The skill uses environment variables (HOOKDECK_WEBHOOK_SECRET) and provides .env.example files with placeholder values.
  • [Indirect Prompt Injection] (LOW): The skill handles untrusted external data via webhook ingestion.
      • Ingestion points: POST endpoints at /webhooks in examples/express/src/index.js, examples/fastapi/main.py, and examples/nextjs/app/webhooks/route.ts.
      • Boundary markers: Code comments emphasize the requirement for raw body access to ensure signature integrity.
      • Capability inventory: The examples perform logging of payload properties (payload.type, payload.topic) and conditional logic based on event types.
      • Sanitization: Strong sanitization is implemented via HMAC SHA-256 signature verification using crypto.timingSafeEqual (Node.js) and hmac.compare_digest (Python) before any data processing occurs.
  • [External Downloads] (SAFE): Documentation suggests installing the Hookdeck CLI via Homebrew or npm. These are standard developer tools and are used for the primary purpose of the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:17 PM