hookdeck-event-gateway
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the `hookdeck-cli` via npm or brew and adding supplemental skills using `npx` from official Hookdeck repositories.
- [COMMAND_EXECUTION]: Includes documentation for running the `hookdeck listen` command, which is the standard operational procedure for the tool to establish local development tunnels.
- [PROMPT_INJECTION]: As an infrastructure skill for processing external webhooks, there is an inherent surface for indirect prompt injection from untrusted provider data.
  - Ingestion points: Incoming webhook payloads from external providers (e.g., Stripe, Shopify) enter the system context via the gateway.
  - Boundary markers: The documentation recommends implementing signature verification (`x-hookdeck-signature`) to validate the authenticity of incoming requests.
  - Capability inventory: The gateway possesses the capability to relay payloads to application endpoints and establish local tunnels via subprocess calls in the CLI tool.
  - Sanitization: Features such as filtering and transformations are described as methods to process or sanitize data before it reaches its destination.