Skills
skills/hookdeck/webhook-skills/woocommerce-webhooks/Gen Agent Trust Hub

woocommerce-webhooks

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): No malicious patterns, obfuscation, or unauthorized data access were detected in the skill code or documentation.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill handles untrusted data from WooCommerce webhooks but includes robust defenses.
  • Ingestion points: Webhook POST endpoints in examples/express/src/index.js, examples/fastapi/main.py, and examples/nextjs/app/webhooks/woocommerce/route.ts ingest external data.
  • Boundary markers: Strong boundary markers are present via HMAC SHA-256 signature verification (X-WC-Webhook-Signature) required before any data processing occurs.
  • Capability inventory: The provided code is restricted to logging and JSON parsing; it does not contain dangerous sinks like eval() or subprocess.run().
  • Sanitization: The handlers use standard JSON parsers (JSON.parse or request.json()) only after the authenticity of the payload has been cryptographically verified.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:09 PM