resend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, user-generated inbound emails and attachments via Resend webhooks and calls (see agent-email-inbox and resend-inbound SKILL.md where the webhook handler fetches full email content with resend.emails.receiving.get and then forwards it to agent.processEmail/agent.analyzeAndPropose), so third-party content is read and can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the Resend API at runtime (e.g., POST https://api.resend.com/webhooks and subsequent emails.receiving.get calls to https://api.resend.com/) to fetch email bodies/attachments which are then passed into agent.processEmail, so remote content can directly influence agent prompts and behavior.