postmark

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates inbound email processing (postmark-inbound), creating a surface for indirect prompt injection.
    • Ingestion points: Untrusted data enters the agent context through webhook payloads containing email content fields such as StrippedTextReply and HtmlBody, as detailed in postmark-inbound/references/payload-structure.md.
    • Boundary markers: No explicit delimiters or instructions are provided to the agent to isolate untrusted email content from its internal operational logic.
    • Capability inventory: The functional examples in postmark-inbound/references/handler-examples.md show that the agent can write to the file system (fs.writeFileSync) and interact with databases based on parsed email data.
    • Sanitization: The provided implementation examples include no content sanitization or validation routines to identify and neutralize malicious payloads embedded in incoming emails.
  • [EXTERNAL_DOWNLOADS]: The skill identifies and recommends the installation of official or well-known SDKs, such as the postmark library on NPM and the postmarker library on PyPI. These resources are hosted on reputable public registries and originate from the vendor or recognized community contributors.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 03:05 AM