customerio-webhooks-events

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements security best practices for webhook handling, specifically using crypto.timingSafeEqual for HMAC-SHA256 signature verification to protect against timing attacks.
  • [SAFE]: Credentials and sensitive configuration, such as API keys and webhook secrets, are managed via environment variables (process.env) rather than being hardcoded in the scripts.
  • [SAFE]: Network operations are directed exclusively to official and well-known service endpoints, including Customer.io's Reporting API and Google Cloud BigQuery.
  • [SAFE]: Potential indirect prompt injection risks from external webhook data are mitigated by the implementation of cryptographic signature verification and the use of structured TypeScript interfaces to enforce strict data schemas.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 04:51 PM