resend-inbound-emails
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements an AI-powered email personalization feature that uses inbound email content as context for generating replies, creating a surface for indirect prompt injection.
  - Ingestion points: Inbound emails are processed in `assets/api/webhook-resend-route.ts`, where text and HTML bodies are extracted.
  - Boundary markers: The system uses `assets/lib/inbox/reply-parser.ts` to strip quoted content, which provides some structural separation, but lacks explicit delimiters or instructions to the AI to ignore embedded commands within the processed email body.
  - Capability inventory: The skill has the capability to send outbound emails via the Resend API (`assets/api/inbox-send-route.ts`).
  - Sanitization: Content is escaped for HTML notifications in `assets/lib/inbox/inbound-notification.ts`, though the raw content is utilized as context for the personalization engine.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Resend API for email operations and domain management.
  - Fetches and manages configuration from Resend's official API endpoints using the `resend` library.
  - This interaction is necessary for the core functionality of the skill and uses well-known technology services.
- [EXTERNAL_DOWNLOADS]: The skill optionally utilizes Redis for real-time Server-Sent Events (SSE).
  - Connects to a Redis instance for pub/sub operations to update the frontend instantly when new messages arrive.
  - Documented as an optional feature requiring the standard `ioredis` package.
Audit Metadata