agent-email-inbox
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a security-focused implementation template for building email-to-agent workflows. It provides explicit code examples for validating webhook signatures using `resend.webhooks.verify()`, implementing multiple levels of sender allowlisting, and enforcing rate limits to protect the agent's infrastructure.
- [PROMPT_INJECTION]: The skill specifically addresses indirect prompt injection risks associated with processing untrusted email content. It includes functions like `stripQuotedContent` and `truncateContent` to prevent attackers from using hidden instructions or token-stuffing techniques in email threads.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the official `resend` SDK and the `svix` library for webhook verification. It also references the installation of Tailscale for local development via a well-known script. All external resources are either official vendor tools or well-known services.
- [SAFE]: All referenced domains (resend.com) and packages are official resources of the skill author, representing legitimate vendor functionality for managing email inboxes.
Audit Metadata