consent-registry

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external data such as list imports and ESP exports which could contain malicious instructions.\n
  • Ingestion points: Processes pasted text, third-party exports, and the memory/consent/candidates.md file.\n
  • Boundary markers: Explicitly instructs the agent to treat all pasted/exported material as untrusted data and not instructions.\n
  • Capability inventory: The skill can write files to the memory/consent/ directory and execute local shell commands via a connector script.\n
  • Sanitization: Employs hashing/normalization of identifiers and data-minimization practices.\n- [COMMAND_EXECUTION]: Execution of a local connector script with user-supplied arguments.\n
  • Evidence: python3 "${CLAUDE_PLUGIN_ROOT}/scripts/connectors/resend.py" suppress <id-or-email> --live.\n
  • Description: The skill facilitates synchronization with the Resend platform by executing a local Python script. It passes user-provided identifiers (email/id) as arguments to the shell command.\n- [DATA_EXFILTRATION]: Synchronization of subscriber information to an external service.\n
  • Evidence: Use of the resend.py script to update suppression status on the Resend platform.\n
  • Description: The skill transmits subscriber consent and suppression status to the Resend API. This is documented functionality for a well-known email service and utilizes a vendor-provided script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — consent-registry