ship-email

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the 'resend' package from the NPM registry. Resend is a well-known email service provider, making this a standard and safe dependency for the skill's purpose.
  • [COMMAND_EXECUTION]: The skill performs shell commands to install dependencies and generates code for API routes, database helpers, and email utilities. These actions are restricted to project scaffolding and follow common development patterns.
  • [PROMPT_INJECTION]: The skill processes project-specific data like database schemas and user records to generate email segments and templates. This represents an indirect prompt injection surface. Mandatory Evidence Chain:
      1. Ingestion points: Reading user table fields and data from the project database (SKILL.md).
      2. Boundary markers: No specific delimiters are used to wrap database content.
      3. Capability inventory: File writes for scaffolding, database query generation, and network requests via the Resend API.
      4. Sanitization: The skill implements basic URL encoding for unsubscribe links but does not explicitly sanitize data interpolated into HTML templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 09:22 PM