AutoSend
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill requires the installation of the 'autosendjs' npm package and uses 'npx skills add'. These dependencies are essential for the skill's primary purpose of AutoSend API integration.
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection through data ingested from the AutoSend API.
  1. Ingestion points: Contact data returned from 'GET /v1/contacts/:id' and 'POST /v1/contacts'.
  2. Boundary markers: None identified in the provided files.
  3. Capability inventory: Sending emails via 'emails.send()' and 'emails.bulk()'.
  4. Sanitization: No evidence of sanitization for API data.
- Data Exposure & Exfiltration (SAFE): Network communication is restricted to the legitimate 'api.autosend.com' domain. API keys are correctly managed through environment variables instead of hardcoding.
- Command Execution (SAFE): The 'scripts/test-send.js' utility script performs specific verification tasks and does not allow for arbitrary command execution.
Audit Metadata