Skills
skills/renatoasse/opensquad/resend/Gen Agent Trust Hub

resend

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch and execute the resend-mcp package from the npm registry. This is the standard method for running the Resend MCP server.
  • [DATA_EXFILTRATION]: The send_email and batch_send_emails tools include an attachments feature that can read from a local file path. This capability allows the agent to send local file content to external recipients through the Resend API. This is an intended functionality but presents a surface for data exfiltration if the agent is misdirected.
  • [PROMPT_INJECTION]: The skill processes external data for email bodies and subjects, which introduces a risk of indirect prompt injection.
  • Ingestion points: The from, to, subject, and body fields in the send_email and batch_send_emails operations (SKILL.md).
  • Boundary markers: No specific delimiters or safety instructions are defined to separate untrusted content from agent instructions.
  • Capability inventory: File system access via the path parameter for attachments and network communication via the Resend API.
  • Sanitization: No explicit sanitization or validation of the email content is mentioned in the skill definition.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 11:15 PM