webhook-security
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements cryptographic signature verification using the Node.js
cryptomodule and thestripeSDK, incorporating timing-safe comparisons to prevent timing attacks. - [SAFE]: Demonstrates secure secret management by utilizing environment variables for API keys and webhook secrets instead of hardcoding sensitive values.
- [SAFE]: Includes robust patterns for idempotency and replay protection using Redis to ensure secure and reliable processing of webhook events.
Audit Metadata