ben-agent-email
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted inbound emails from the Resend service, creating a surface for indirect prompt injection. • Ingestion points: Inbound email content received via Resend webhooks at
POST /api/ai-email. • Boundary markers: The skill definition does not specify markers to isolate email content from agent instructions. • Capability inventory: The skill can send emails and update internal session states, which could be abused if malicious instructions are embedded in received emails. • Sanitization: No explicit sanitization or filtering of email content is described in the skill documentation. - [CREDENTIALS_UNSAFE]: The documentation instructs the user to store a
RESEND_API_KEYandRESEND_WEBHOOK_SECRETin a local.envfile at a predictable path (.opencode/skill/ben-agent-email/.env). While placeholders are provided in the example, storing secrets in local files is a credential management risk.
Audit Metadata