resend-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill correctly implements Svix-compatible signature verification across multiple frameworks, including FastAPI, Next.js, and Express. The code uses constant-time comparison and timestamp validation to ensure authenticity and mitigate timing or replay attacks.
- [SAFE]: Best practices for credential management are followed by using environment variables for API keys and signing secrets.
- [PROMPT_INJECTION]: The skill includes handlers for external data ingestion from Resend webhooks.
  - Ingestion points: POST endpoints in main.py, route.ts, and src/index.js.
  - Boundary markers: Cryptographic signature verification is used as a mandatory validation step.
  - Capability inventory: Handlers are restricted to event type routing and logging; no file writes or execution commands are present.
  - Sanitization: Webhook payloads are verified and parsed as structured data before processing.