skills/jeremylongshore/claude-code-plugins-plus-skills/instantly-webhooks-events/Gen Agent Trust Hub
instantly-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows industry standard best practices for securing webhook endpoints.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing external webhook data from the Instantly service.
- Ingestion points: Incoming HTTP request body in the Express.js handler (SKILL.md).
- Boundary markers: Cryptographic signature verification using HMAC-SHA256 is implemented to ensure data authenticity.
- Capability inventory: The skill has access to Read, Write, Edit, and Bash tools.
- Sanitization: The provided code enforces signature validation and timestamp checks to prevent unauthorized data processing and replay attacks.
Audit Metadata