pp-resend
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `resend-pp-cli` binary through the author's official repositories, using `npx -y @mvanhorn/printing-press-library` and `go install github.com/mvanhorn/printing-press-library/...`. These sources are consistent with the skill's authorship.
- [COMMAND_EXECUTION]: The skill is designed to execute shell commands using the `resend-pp-cli` tool to interact with the Resend API. This includes managing API keys, sending emails, and performing account audits.
- [DATA_EXFILTRATION]: The CLI tool includes a `--deliver webhook:<url>` feature that enables the transmission of command results—which may include sensitive data like API keys, logs, or email content—to user-specified external webhooks. While this is a documented feature of the tool, it represents a potential vector for data exfiltration if misused.
- [PROMPT_INJECTION]: The skill processes external email data, which introduces a potential surface for indirect prompt injection.
  - Ingestion points: Retrieval of email content, subjects, and recipient data via `emails to`, `emails list`, and `emails get` commands.
  - Boundary markers: The tool utilizes a structured JSON response envelope (`.results`) to separate API data from metadata, providing a layer of isolation for the agent.
  - Capability inventory: The tool possesses high-privilege capabilities including API key management, local file system writes (`file:` sink), and network POST requests (`webhook:` sink).
  - Sanitization: No explicit sanitization or filtering of email-based content is mentioned before the data is returned to the agent's context.
Audit Metadata