backstro-email
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The internationalization guide (references/I18N.md) instructs the agent to implement dynamic imports using computed paths (await import('../messages/${locale}.json')). This pattern facilitates the loading of modules or files based on variable input, which can introduce path traversal or local file inclusion (LFI) vulnerabilities if the input variable (e.g., the locale parameter) is not strictly validated or sanitized.\n- [PROMPT_INJECTION]: The skill provides a Markdown component that renders strings into HTML for email templates, establishing a potential indirect prompt injection surface.\n
- Ingestion points: The Markdown component documented in references/COMPONENTS.md accepts raw strings through component props, which may contain untrusted content from external sources.\n
- Boundary markers: The documentation and examples do not demonstrate the use of delimiters or instructions to ignore potential commands or instructions embedded within the markdown content.\n
- Capability inventory: The skill facilitates the rendering of HTML content which is subsequently transmitted via external email providers like Resend, SendGrid, or AWS SES as documented in references/SENDING.md.\n
- Sanitization: While the documentation describes the component as safe for email clients, there are no specific details or code examples provided to demonstrate the sanitization of malicious HTML or script tags from the input string.
Audit Metadata