enonic-webhook-integrator

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill includes a local discovery script (scripts/find-enonic-targets.mjs) used to identify Enonic XP project roots. This script performs read-only operations on specific project marker files (build.gradle, gradle.properties) within a limited directory depth.
  • [SAFE]: Templates for event listeners and HTTP services (assets/event-listener.template.ts, assets/http-service.template.ts) include explicit instructions and helper functions for authenticating incoming requests and sanitizing external inputs before they are used in content operations.
  • [SAFE]: The instructions and examples (references/examples.md, references/webhook-reference.md) explicitly advise against hardcoding secrets and recommend using placeholders with out-of-band configuration via standard Enonic XP configuration files.
  • [SAFE]: While the skill is designed to handle untrusted data from webhooks (Indirect Prompt Injection surface), it provides comprehensive sanitization patterns, payload size limits, and validation logic to mitigate risks associated with processing external data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 08:31 AM