pp-resend
Fail
Audited by Snyk on May 23, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill explicitly shows and endorses passing an API token as a literal CLI argument (resend-pp-cli auth set-token YOUR_TOKEN_HERE) and exposes API-key management commands that can reveal or require copying secrets, so an LLM following the skill could be asked to emit secret values verbatim.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires fetching and installing a remote CLI at runtime (via npx @mvanhorn/printing-press-library or go install github.com/mvanhorn/printing-press-library/library/productivity/resend/cmd/resend-pp-cli@latest), which downloads and executes external code (the resend-pp-cli) and is therefore a runtime external dependency that can execute remote code.
Issues (2)
HIGH W007: Insecure credential handling detected in skill instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).