pp-resend

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the resend-pp-cli binary through the author's official repositories, using npx -y @mvanhorn/printing-press-library and go install github.com/mvanhorn/printing-press-library/.... These sources are consistent with the skill's authorship.
  • [COMMAND_EXECUTION]: The skill is designed to execute shell commands using the resend-pp-cli tool to interact with the Resend API. This includes managing API keys, sending emails, and performing account audits.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> feature that enables the transmission of command results—which may include sensitive data like API keys, logs, or email content—to user-specified external webhooks. While this is a documented feature of the tool, it represents a potential vector for data exfiltration if misused.
  • [PROMPT_INJECTION]: The skill processes external email data, which introduces a potential surface for indirect prompt injection.
  • Ingestion points: Retrieval of email content, subjects, and recipient data via emails to, emails list, and emails get commands.
  • Boundary markers: The tool utilizes a structured JSON response envelope (.results) to separate API data from metadata, providing a layer of isolation for the agent.
  • Capability inventory: The tool possesses high-privilege capabilities including API key management, local file system writes (file: sink), and network POST requests (webhook: sink).
  • Sanitization: No explicit sanitization or filtering of email-based content is mentioned before the data is returned to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 04:21 AM
Security Audit — agent-trust-hub — pp-resend