skills/jeremylongshore/claude-code-plugins-plus-skills/customerio-webhooks-events/Gen Agent Trust Hub
customerio-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides well-structured TypeScript templates for Customer.io integration, following industry standards for webhook handling and queue processing.
- [EXTERNAL_DOWNLOADS]: The skill references established, reputable libraries such as express, bullmq, and official Google Cloud and Customer.io SDKs.
- [DATA_EXFILTRATION]: Sensitive data is handled correctly using environment variables. External network requests are directed only to verified, well-known service domains associated with the skill's purpose.
- [PROMPT_INJECTION]: The skill implements a robust authentication mechanism (HMAC signature verification) for its data ingestion point (req.body in SKILL.md). This ensures that only verified data from Customer.io is processed, mitigating potential indirect prompt injection risks from external sources.
Audit Metadata