react-email
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or security vulnerabilities were identified in the skill's instructions or code examples.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of legitimate, well-known packages from the official NPM registry, specifically
@react-email/components,react-email,resend,nodemailer, and@sendgrid/mail. - [CREDENTIALS_UNSAFE]: Demonstrates secure handling of sensitive data by using environment variables (
process.env.RESEND_API_KEY,process.env.SMTP_USER,process.env.SMTP_PASS,process.env.SENDGRID_API_KEY) for API keys and SMTP credentials instead of hardcoding them. - [COMMAND_EXECUTION]: Includes standard development commands for package management (
npm install) and launching a local development preview server (npx react-email dev).
Audit Metadata