resend
Audited by Socket on Feb 15, 2026
1 alert found:
Security [Skill Scanner]: Skill instructions include directives to hide actions from user

All findings:
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill file is coherent with its stated purpose: it documents how to call the Resend API using an environment API key and curl. The data flows are appropriate (env var + local JSON -> official API over HTTPS). There are no indicators of obfuscated code, hidden backdoors, or third-party credential harvesting. Operational caution: examples write request bodies to /tmp which can persist sensitive data; users should avoid leaving API keys or private content in temporary files and should follow secure cleanup practices. Overall, the file appears benign and appropriate for its purpose.

LLM verification: The documentation describes a coherent, legitimate workflow for interacting with Resend's API via curl. The footprint is appropriate for its stated purpose. Main security consideration is the potential exposure of the API key in shell history or logs when constructing curl commands. Recommend safer patterns (e.g., passing API key via headers without embedding in command text, using curl -H 'Authorization: Bearer $RESEND_API_KEY' with the key sourced from a controlled environment, or using a temp