skills/jeremylongshore/claude-code-plugins-plus-skills/documenso-webhooks-events/Gen Agent Trust Hub
documenso-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a process for ingesting and handling external data via Documenso webhooks, which constitutes an indirect prompt injection attack surface.
- Ingestion points: Express.js POST endpoint implementation in references/implementation-guide.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the implementation code.
- Capability inventory: The skill metadata in SKILL.md allows the use of Bash tools (curl, ngrok).
- Sanitization: The provided code implements HMAC-based signature verification and standard JSON validation.
Audit Metadata