clerk-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches dependencies such as `svix` and Clerk SDKs from the official npm registry.
- [COMMAND_EXECUTION]: Utilizes well-known development tools including `ngrok` for local tunneling and the Clerk CLI for development workflows.
- [PROMPT_INJECTION]: The skill processes external data via webhook endpoints, creating an indirect injection surface.
  - Ingestion points: Webhook request bodies are read and parsed in `app/api/webhooks/clerk/route.ts` and `references/implementation-guide.md`.
  - Boundary markers: Robust HMAC signature verification via Svix or Clerk's built-in utilities ensures the authenticity and integrity of incoming data from Clerk.
  - Capability inventory: Database write operations (create, update, delete) are performed across multiple files using Prisma or similar database abstractions.
  - Sanitization: The implementation relies on standard database patterns for data persistence; explicit validation or sanitization of user-controlled fields within the webhook payload is not detailed in the provided boilerplate.
Audit Metadata