skills/jeremylongshore/claude-code-plugins-plus-skills/guidewire-webhooks-events/Gen Agent Trust Hub
guidewire-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides well-structured implementation templates for Guidewire integrations that adhere to industry security standards.
- [SAFE]: Webhook receiver implementation includes robust authentication via HMAC-SHA256 signature verification using
crypto.timingSafeEqualand timestamp validation to mitigate replay attacks. - [SAFE]: Idempotency management is explicitly addressed using Redis to prevent duplicate processing of events, which is a best practice for event-driven architectures.
- [SAFE]: Sensitive configuration elements such as webhook secrets and service URLs are handled through environment variables (
process.env.GW_WEBHOOK_SECRET,process.env.REDIS_URL) rather than being hardcoded. - [SAFE]: No instances of prompt injection, data exfiltration, obfuscation, or unauthorized remote code execution were found within the skill instructions or code snippets.
Audit Metadata