vercel-webhooks
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides robust code examples for webhook signature verification. It correctly emphasizes the use of raw request bodies and implements constant-time comparison functions (such as crypto.timingSafeEqual in Node.js and hmac.compare_digest in Python) to mitigate timing attacks.
- [SAFE]: Dependencies listed in the example projects (FastAPI, Express, Next.js) are standard, well-known libraries from the official registries. While some version numbers in the examples are non-standard (e.g., Next.js 16.1.6), they do not point to malicious packages or unverifiable remote sources.
- [SAFE]: The skill references 'hookdeck-cli' and Hookdeck services, which are well-known developer tools for webhook testing and infrastructure. These references are documented neutrally for local development purposes.
- [SAFE]: No evidence of prompt injection, data exfiltration, or malicious persistence mechanisms was found in the documentation or code templates.
Audit Metadata