Skills
skills/sinch/skills/sinch-mailgun/Gen Agent Trust Hub

sinch-mailgun

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation mentions installing official libraries like mailgun.js and form-data from the public registry.
  • [COMMAND_EXECUTION]: Provides standard examples for using curl and npm for API interaction and environment setup.
  • [PROMPT_INJECTION]: The skill is designed to handle external data from emails and webhooks, which presents a surface for indirect prompt injection. It proactively addresses this with defensive instructions.
  • Ingestion points: External email content and webhook payload data.
  • Boundary markers: Explicit instruction to avoid following URLs from untrusted domains.
  • Capability inventory: Ability to send emails and query logs via API, and access to local environment configurations.
  • Sanitization: Instructions restrict automated URL fetching to trusted first-party domains.
  • [SAFE]: Guidelines to retrieve API keys from environment variables or .env files follow standard security protocols for secret management in developer tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 11:06 AM