email-resend
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user input from form data and interpolates it directly into HTML email templates in the sendContactEmail and sendBookingEmail functions.
  - Ingestion points: the formData object passed to the submitContactForm server action.
  - Boundary markers: input is validated with contactFormSchema.safeParse, which checks field shape and types but does not mark the untrusted fields with explicit delimiters, and no instruction tells a downstream reader to disregard directives embedded in them.
  - Capability inventory: the skill can send outbound email through the resend.emails.send API.
  - Sanitization: user-controlled strings (name, message, phone, injuries) are placed into the HTML templates without HTML escaping, so a submission containing markup is rendered as markup in the recipient's email client (HTML injection, e.g. injected links or images, subject to the client's own restrictions on HTML and script).
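To make the finding concrete, the following is an added example (not the audited skill's code) that renders a contact email the unsafe way the audit describes next to an escaped version, and includes a small check that spots tags not belonging to the fixed template. The field names name, phone, injuries and message come from the audit; the template layout, the helper names and the sample payload are assumptions constructed for this example, and the resend.emails.send call is not made here.

```typescript
// Added example, not code from the audited email-resend skill.
// Field names follow the audit; template, helper names and payload are assumed.

type ContactForm = { name: string; phone: string; injuries: string; message: string };

// Tags the fixed template itself uses; anything else in the output was injected.
const TEMPLATE_TAGS = new Set(["html", "body", "h2", "p", "strong"]);

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(value: string): string {
  return value
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern flagged by the audit: raw interpolation of form fields.
function renderContactEmailUnsafe(f: ContactForm): string {
  return `<html><body>
<h2>New contact form submission</h2>
<p><strong>Name:</strong> ${f.name}</p>
<p><strong>Phone:</strong> ${f.phone}</p>
<p><strong>Injuries:</strong> ${f.injuries}</p>
<p><strong>Message:</strong> ${f.message}</p>
</body></html>`;
}

// Hardened version: every untrusted field is escaped at the template boundary.
// In the skill this string would be passed as the html body to resend.emails.send.
function renderContactEmailSafe(f: ContactForm): string {
  return `<html><body>
<h2>New contact form submission</h2>
<p><strong>Name:</strong> ${escapeHtml(f.name)}</p>
<p><strong>Phone:</strong> ${escapeHtml(f.phone)}</p>
<p><strong>Injuries:</strong> ${escapeHtml(f.injuries)}</p>
<p><strong>Message:</strong> ${escapeHtml(f.message)}</p>
</body></html>`;
}

// Scan the rendered HTML for any opening or closing tag not in the template's allowlist.
function containsInjectedTag(html: string): boolean {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)/g;
  let m: RegExpExecArray | null;
  while ((m = tagRe.exec(html)) !== null) {
    if (!TEMPLATE_TAGS.has(m[1].toLowerCase())) return true;
  }
  return false;
}

// Constructed payload: a schema that only checks types and lengths accepts this as-is.
const constructedInjection: ContactForm = {
  name: "Mallory",
  phone: "555-0100",
  injuries: "none",
  message: '<img src="x" onerror="alert(1)"><a href="https://attacker.example">Reset your password</a>',
};

console.log("unsafe render injected:", containsInjectedTag(renderContactEmailUnsafe(constructedInjection)));
console.log("safe render injected:", containsInjectedTag(renderContactEmailSafe(constructedInjection)));
```

The point of the check is that a schema validator such as safeParse answers "is this a string of acceptable length", not "is this safe to embed in HTML"; the escaping has to happen where the string meets the template. An HTML-aware email renderer that escapes interpolated values by default achieves the same thing, provided raw-HTML escape hatches are not used for user-supplied fields.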
Audit Metadata