apollo-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a standard webhook processing architecture for Apollo.io. It follows security best practices by implementing HMAC-SHA256 signature verification to authenticate incoming requests from Apollo.io.
- [PROMPT_INJECTION]: The skill processes untrusted data from external webhook events, which is a potential surface for indirect prompt injection. However, the implementation includes significant mitigations.
- Ingestion points: The /apollo endpoint in SKILL.md accepts POST requests with external event data.
- Boundary markers: Includes verifyApolloWebhook middleware for signature validation and uses Zod for structural validation of payloads.
- Capability inventory: Interacts with a local database using Prisma and publishes events to an internal system.
- Sanitization: Strict schema enforcement is applied via Zod parsing to ensure data conforms to expected formats.
Audit Metadata