ship-email

The skill is broadly BENIGN: it purposefully scaffolds an email infrastructure stack around Resend, including environment-driven configuration, unsubscribe handling, and batched campaign sending. The data flows are consistent with legitimate email delivery use cases. Minor security concerns exist around secret management visibility, unsubscribe token exposure risk in logs, and rate-limiting considerations for bulk sends. There is no evidence of malicious data exfiltration, autonomous real-world actions beyond email sending, or use of unverifiable binaries. Overall risk is modest (securityRisk ~ 0.35; malware ~ 0.05).