skills/jeremylongshore/claude-code-plugins-plus-skills/creating-webhook-handlers/Gen Agent Trust Hub
creating-webhook-handlers
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No critical, high, or medium severity security issues were identified.
- [COMMAND_EXECUTION]: The skill employs a specialized bash tool for scaffolding and boilerplate generation. Evidence: YAML frontmatter and instructions specify Bash(api:webhook-*) tool usage.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists via the ingestion of API specification files. * Ingestion points: The skill reads files from {baseDir}/api-specs/ as part of the implementation flow. * Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the input data. * Capability inventory: The skill has permissions to write files and execute scoped bash commands. * Sanitization: No data sanitization or validation logic is defined for processed files.
Audit Metadata