react-email
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The code snippets demonstrate email transmission, which is the primary function of the skill. Sensitive credentials like API keys and SMTP passwords are correctly handled using environment variables (process.env) rather than being hardcoded.
- [EXTERNAL_DOWNLOADS] (SAFE): The documentation references official and widely-used libraries such as @react-email/components, resend, nodemailer, and @sendgrid/mail. These are trusted sources for email development and do not represent a threat in this context.
- [COMMAND_EXECUTION] (SAFE): The use of npx react-email@latest resend setup is a standard and expected method for initializing developer tools within a Node.js environment.
- [DATA_EXPOSURE] (SAFE): The documentation suggests asking users for verified domains and providing unsubscribe links, promoting safety and compliance in communication.
Audit Metadata