skills/openclaw/skills/resend/Gen Agent Trust Hub

resend

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from incoming emails, creating an inherent surface for indirect prompt injection.
    1. Ingestion points: Incoming email content (subject, text, and HTML bodies) is received via webhooks as described in agent-email-inbox/SKILL.md and resend-inbound/SKILL.md.
    2. Boundary markers: The skill documents extensive security mitigations, including strict sender allowlists, domain-level filtering, and instruction-aware content filtering.
    3. Capability inventory: The primary capability is sending emails via the Resend API (resend.emails.send), with documentation advising on the restriction of other agent capabilities.
    4. Sanitization: The skill provides code examples for stripping quoted reply threads, regex-based injection detection, and content length limits.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing official SDKs from established package registries (e.g., resend on npm and PyPI) and utilizes well-known services such as Cloudflare and ngrok for development tunneling. These references are documented as standard practices for the intended email functionality.
  • [DATA_EXFILTRATION]: While the skill manages sensitive API keys, it adheres to security best practices by explicitly warning against sharing keys in chat and suggesting the use of environment variables or secret managers. It also promotes the use of domain-scoped API keys to limit the potential impact of credential exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 08:46 AM