Resend Expert
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill includes a hardcoded Resend API key ('re_Czsz1gQW_Dz4H2a9dH8tTjgteeDCjVujF') throughout the examples in 'SKILL.md'. Hardcoded credentials are a major security risk.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it can ingest untrusted data and use it in email communications. • Ingestion points: 'SKILL.md' (email body parameters populated via user input or WebFetch). • Boundary markers: Absent. • Capability inventory: 'WebFetch', 'Bash' (curl), and SDK-based API operations. • Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata