github-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides secure code examples for verifying GitHub webhook signatures using HMAC SHA-256 across multiple frameworks (Express, Next.js, and FastAPI).
- [SAFE]: Implementations in Node.js and Python use timing-safe comparison functions to prevent timing attacks, specifically crypto.timingSafeEqual and hmac.compare_digest.
- [SAFE]: Secrets are managed through environment variables, and the provided examples use safe placeholders in .env.example files to avoid accidental credential leakage.
- [SAFE]: Dependencies are standard, well-known libraries from official registries (NPM and PyPI).
- [SAFE]: External tool recommendations, such as the Hookdeck CLI, are from a recognized service relevant to the skill's domain and are documented neutrally for local development use.
Audit Metadata