skills/jeremylongshore/claude-code-plugins-plus-skills/coderabbit-webhooks-events/Gen Agent Trust Hub
coderabbit-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation follows security best practices for webhook integration, such as using crypto.timingSafeEqual for signature comparison and validating timestamps to prevent replay attacks.- [EXTERNAL_DOWNLOADS]: Includes commands for testing with webhook.site and ngrok. These are well-known services used for webhook debugging and local development.- [PROMPT_INJECTION]: The skill describes an architecture for ingesting external data via webhooks, which constitutes an indirect prompt injection surface.
- Ingestion points: Express.js endpoint defined in SKILL.md.
- Boundary markers: Absent; the code parses raw JSON body into handlers.
- Capability inventory: The skill specifies Bash(curl:*) in allowed tools.
- Sanitization: No explicit sanitization or validation of the event payload data is demonstrated.
Audit Metadata