resend-inbound
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill handles incoming email data (webhooks and email bodies), which presents a surface for indirect prompt injection.
- Ingestion points: Webhook payload processing and email content retrieval in
SKILL.md. - Boundary markers: None.
- Capability inventory: Network operations (sending emails via the Resend API) and attachment handling.
- Sanitization: No explicit sanitization or filtering of email content is shown in the provided snippets.
- [EXTERNAL_DOWNLOADS]: The code snippets demonstrate fetching email attachments from URLs provided by the Resend API.
- Note: These downloads are a core part of the intended functionality and use authenticated URLs from the service provider.
Audit Metadata