abridge-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard development patterns for integrating with Abridge webhooks for healthcare workflows.
- [SAFE]: Implements robust security controls for incoming requests, specifically HMAC-SHA256 signature verification and timestamp expiration checks to prevent replay attacks.
- [SAFE]: Sensitive configuration data (e.g.,
ABRIDGE_WEBHOOK_SECRET,ABRIDGE_CLIENT_SECRET) is handled correctly through environment variable placeholders rather than hardcoded secrets. - [SAFE]: Indirect Prompt Injection Surface Evaluation:
- Ingestion points: The webhook handler in
src/webhooks/abridge-webhook-handler.tsprocesses external POST requests (req.body). - Boundary markers: The implementation includes a mandatory
verifySignaturecheck using a shared secret before any data processing occurs. - Capability inventory: The skill defines business logic handlers for pushing data to EHRs and sending alerts, but these are gated by the signature verification.
- Sanitization: The external payload is parsed as JSON only after the cryptographic integrity and authenticity of the source are verified.
Audit Metadata