react-email
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill outlines standard and well-documented procedures for using the React Email framework for template generation and delivery.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing well-known and reputable Node.js packages (e.g., react-email, resend, nodemailer) from the official npm registry. These are trusted tools used widely by the development community.
- [DATA_EXFILTRATION]: Examples for sending emails correctly utilize environment variables (e.g., process.env.RESEND_API_KEY) to manage credentials, adhering to security best practices and avoiding sensitive data exposure.
- [PROMPT_INJECTION]: The skill's internal instructions and metadata were evaluated for behavioral overrides or bypass attempts; no malicious injection patterns or jailbreak attempts were found.
- [SAFE]: Regarding potential indirect prompt injection:
  1. Ingestion points: Data enters the system as props to React components.
  2. Boundary markers: No explicit markers are used, but React provides default boundaries.
  3. Capability inventory: The skill can render HTML strings and call external mail APIs.
  4. Sanitization: The skill relies on React's built-in JSX escaping mechanism, which provides effective protection against content injection in the generated email body.