Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/adobe-webhooks-events/Gen Agent Trust Hub

adobe-webhooks-events

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches public keys from Adobe's official infrastructure (https://static.adobeioevents.com) for digital signature verification. This is a legitimate and necessary operation for verifying the authenticity of incoming webhooks.
  • [CREDENTIALS_UNSAFE]: The skill demonstrates best practices by instructing the user to use environment variables (process.env.ADOBE_CLIENT_ID, process.env.ADOBE_IMS_ORG_ID, etc.) for managing API credentials instead of hardcoding them in the source code.
  • [COMMAND_EXECUTION]: While the skill manifest allows the Bash tool, the instructions and code samples do not involve any arbitrary command execution or risky shell operations; the tool is restricted to curl for API interactions.
  • [DATA_EXFILTRATION]: No patterns of data exfiltration were detected. Network operations are limited to official Adobe API endpoints (api.adobe.io).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 08:45 AM