postmark-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill implements multiple secure authentication patterns, including token-based query parameters and Basic Auth, to ensure that only legitimate requests from Postmark are processed.
- [SAFE]: The provided code examples across all frameworks (FastAPI, Express, and Next.js) include schema validation to ensure the integrity of the RecordType and MessageID fields before processing events.
- [SAFE]: Comprehensive documentation is included that details security best practices, such as the mandatory use of HTTPS in production and the implementation of IP allowlisting for Postmark's known ranges.
- [EXTERNAL_DOWNLOADS]: The documentation suggests the installation of the Hookdeck CLI via Homebrew for local testing. Hookdeck is a reputable and well-known service for webhook management, and this recommendation is documented as a standard development practice.
Audit Metadata