shopify-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill implements cryptographic signature verification using industry-standard best practices, including timing-safe comparison methods (crypto.timingSafeEqual in JavaScript and hmac.compare_digest in Python) to prevent side-channel attacks.
- SAFE (SAFE): Documentation and code samples correctly prioritize the use of raw request bodies for verification, which is essential to ensure the integrity of the HMAC calculation and prevent verification bypasses.
- SAFE (SAFE): Analysis of the skill's instructions, metadata, and example project files reveals no evidence of prompt injection, data exfiltration, hardcoded credentials, or malicious dependencies.