Resend Expert

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a real-seeming API key and shows it embedded verbatim in curl commands and SDK examples, forcing the agent to output or reproduce a secret value directly.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The document contains a high-entropy, literal API key: "re_Czsz1gQW_Dz4H2a9dH8tTjgteeDCjVujF" (present as "User's Key" and used directly in curl, Node, and Python examples). This matches the definition of a secret (live-looking API key). Other values (emails, onboarding@resend.dev, domain names) are non-secrets or documented test addresses and are ignored per the rules.