postmark-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (SAFE): No sensitive data exposure or hardcoded credentials. All examples utilize environment variables (e.g., POSTMARK_WEBHOOK_TOKEN) for authentication and strictly follow the ".env.example" pattern for local setup.
- [EXTERNAL_DOWNLOADS] (SAFE): All dependencies listed in requirements.txt and package.json files are standard, reputable libraries for the respective ecosystems (FastAPI, Express, Next.js). No suspicious or unverifiable packages were found.
- [COMMAND_EXECUTION] (SAFE): The skill does not perform any dangerous shell executions. Command-line examples provided in READMEs (e.g., openssl for token generation or brew for local testing tools) are standard developer utilities and are not executed by the skill's logic.
- [PROMPT_INJECTION] (SAFE): No prompt injection vectors were found. The skill handles structured webhook data programmatically and does not interpolate external inputs into LLM prompts.
- [DATA_EXFILTRATION] (SAFE): Network operations are limited to standard server listening and optional logging of event metadata. There are no patterns of sending sensitive system data to external non-whitelisted domains.
Audit Metadata