skills/jeremylongshore/claude-code-plugins-plus-skills/perplexity-webhooks-events/Gen Agent Trust Hub
perplexity-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements cryptographic signature verification using HMAC SHA256 with
crypto.timingSafeEqual, which protects against timing attacks. - [SAFE]: Replay attack protection is included by verifying the
x-perplexity-timestampheader and rejecting requests older than 5 minutes. - [COMMAND_EXECUTION]: The skill requests the
Bashtool withcurlfor legitimate testing purposes, such as triggering webhooks or communicating with local development tunnels like ngrok. - [SAFE]: External services mentioned (webhook.site, ngrok, Perplexity API) are well-known developer tools and services used for their intended primary purposes in this context.
Audit Metadata