consent-registry
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external data such as list imports and ESP exports which could contain malicious instructions.\n
- Ingestion points: Processes pasted text, third-party exports, and the
memory/consent/candidates.mdfile.\n - Boundary markers: Explicitly instructs the agent to treat all pasted/exported material as untrusted data and not instructions.\n
- Capability inventory: The skill can write files to the
memory/consent/directory and execute local shell commands via a connector script.\n - Sanitization: Employs hashing/normalization of identifiers and data-minimization practices.\n- [COMMAND_EXECUTION]: Execution of a local connector script with user-supplied arguments.\n
- Evidence:
python3 "${CLAUDE_PLUGIN_ROOT}/scripts/connectors/resend.py" suppress <id-or-email> --live.\n - Description: The skill facilitates synchronization with the Resend platform by executing a local Python script. It passes user-provided identifiers (email/id) as arguments to the shell command.\n- [DATA_EXFILTRATION]: Synchronization of subscriber information to an external service.\n
- Evidence: Use of the
resend.pyscript to update suppression status on the Resend platform.\n - Description: The skill transmits subscriber consent and suppression status to the Resend API. This is documented functionality for a well-known email service and utilizes a vendor-provided script.
Audit Metadata