postmark-templates
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements secure authentication practices by utilizing environment variables for server and account tokens instead of hardcoded credentials.
- [SAFE]: All external interactions are limited to official Postmark domains and the verified 'postmark' Node.js library, which are legitimate vendor resources.
- [PROMPT_INJECTION]: The skill has a standard indirect prompt injection surface because it retrieves and processes email templates from the Postmark API.
- Ingestion points: Template data is fetched via the GET /templates endpoints in 'references/template-api.md'.
- Boundary markers: No specific delimiters are defined to separate template content from instructions.
- Capability inventory: The skill allows the agent to send emails and modify templates.
- Sanitization: The documentation in 'references/handlebars-syntax.md' provides guidance on safe vs. unsafe HTML escaping, although no automated sanitization is enforced.
Audit Metadata