resend
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of
@mjrussell/resend-clivia npm. This package is maintained by an individual developer and is not an official tool from Resend or the skill author, representing an unverifiable dependency from an unknown source. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from inbound emails.
- Ingestion points: Email content and metadata retrieved via
resend email list,resend email get, andresend email attachmentsas specified inSKILL.md. - Boundary markers: No delimiters or instructions to ignore embedded commands are included in the prompt instructions.
- Capability inventory: The skill executes shell commands and uses
jqto process data; malicious instructions in an email could attempt to influence these operations or the agent's next steps. - Sanitization: No sanitization or validation of the retrieved email content is performed before it is presented to the agent.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands for its core functionality, using the
resendbinary and thejqutility to list, fetch, and parse email data.
Audit Metadata