emitting-api-events
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements industry-standard security practices for event-driven systems, such as HMAC-SHA256 signing for webhook payloads and the transactional outbox pattern to ensure data consistency.
- [COMMAND_EXECUTION]: The skill utilizes a platform-scoped bash tool
Bash(api:events-*)for development tasks like generating boilerplate code and running integration tests. Access is restricted to specific event-related commands as per the platform configuration. - [EXTERNAL_DOWNLOADS]: The examples reference well-known and trusted Node.js libraries such as
kafkajsandredisfor message brokering and event streaming. - [DATA_EXFILTRATION]: While the skill demonstrates how to send data via webhooks, it includes guidance on security controls like signing secrets and URL validation to prevent unauthorized delivery or SSRF vectors in the implemented architecture.
Audit Metadata