webhook-subscriptions
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of mapping external webhook data to agent prompts.
- Ingestion points: Incoming HTTP POST payloads from external services (e.g., GitHub, Stripe, GitLab) are ingested as documented in SKILL.md under the 'Common Patterns' section.
- Boundary markers: Absent. The documentation shows simple {field} interpolation templates without any delimiters or system instructions designed to prevent the agent from obeying instructions embedded within the variables.
- Capability inventory: The skill triggers agent runs based on these webhooks and supports delivery of the resulting output to external adapters including Telegram, Discord, and GitHub comments.
- Sanitization: The skill description and instructions do not mention any sanitization, escaping, or validation of the incoming payload fields before they are interpolated into the prompt string.
Audit Metadata