postmark-templates

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements secure authentication practices by utilizing environment variables for server and account tokens instead of hardcoded credentials.
  • [SAFE]: All external interactions are limited to official Postmark domains and the verified 'postmark' Node.js library, which are legitimate vendor resources.
  • [PROMPT_INJECTION]: The skill has a standard indirect prompt injection surface because it retrieves and processes email templates from the Postmark API.
  • Ingestion points: Template data is fetched via the GET /templates endpoints in 'references/template-api.md'.
  • Boundary markers: No specific delimiters are defined to separate template content from instructions.
  • Capability inventory: The skill allows the agent to send emails and modify templates.
  • Sanitization: The documentation in 'references/handlebars-syntax.md' provides guidance on safe vs. unsafe HTML escaping, although no automated sanitization is enforced.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 12:52 AM
Security Audit — agent-trust-hub — postmark-templates