react-email
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and code samples for the React Email library and Resend service. All external links point to official documentation (react.email, resend.com) or the project's GitHub repository.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install standard development dependencies and CLI tools using verified package managers like npm, yarn, pnpm, and bun (e.g.,
npx create-email@latest,npm install @react-email/components). This is normal behavior for a developer-oriented skill. - [COMMAND_EXECUTION]: Instructions include standard shell commands for project scaffolding, directory navigation, and starting a local development server (e.g.,
cd react-email-starter,npm run dev). These commands are typical for the described workflow. - [CREDENTIALS_UNSAFE]: The documentation correctly advises users to manage sensitive credentials like
RESEND_API_KEYand SMTP passwords through environment variables (process.env), which is a security best practice for managing secrets in code.
Audit Metadata