react-email
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and documentation focus exclusively on legitimate email development workflows and providing assistance to users building email templates.
- [EXTERNAL_DOWNLOADS]: The skill utilizes official package managers and registries (npm, yarn, pnpm, bun) to install verified dependencies like @react-email/components and the create-email CLI. Evidence: SKILL.md references npx create-email@latest and npm install for project setup.
- [COMMAND_EXECUTION]: The shell commands included (npx, npm run dev, cp) are standard for local development environments and project scaffolding. No unauthorized or silent background execution patterns were found.
- [CREDENTIALS_UNSAFE]: Security best practices are followed for handling sensitive data. The skill demonstrates using environment variables (process.env.RESEND_API_KEY, process.env.SMTP_USER) rather than hardcoding credentials.
- [SAFE]: The skill provides defensive instructions to the agent, such as warning users against using unsupported file formats (SVG/WEBP) or layout techniques (Flexbox/Grid) that break in major email clients.
Audit Metadata