resend-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly documents and exemplifies passing API keys directly (via --api-key and inline RESEND_API_KEY=...), which can require the agent to include secret values verbatim in generated shell commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and displays untrusted external content — e.g., inbound emails and attachments via references/emails.md ("emails receiving get", "emails receiving listen") and webhook events via references/webhooks.md ("webhooks listen") — which the agent is expected to read and which can drive follow-up actions like forwarding or sending emails.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's "Initial Setup" includes commands that fetch and execute remote installers (curl -fsSL https://resend.com/install.sh | bash and irm https://resend.com/install.ps1 | iex), which would run code retrieved from resend.com as a required installation step for the CLI.