resend-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill targets non-interactive CLI use and explicitly supports/illustrates passing API keys via the --api-key flag or inline RESEND_API_KEY=... in commands, which encourages including secret values verbatim in generated outputs and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes commands to receive and list inbound emails (see references/emails.md and Workflow #12: "emails receiving list/get/listen") which ingest untrusted, user-generated email HTML/text/attachments (raw.download_url) that the agent is expected to read and which can drive follow-up actions like forwarding or triggering automations, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes installation commands that fetch and execute remote scripts (curl -fsSL https://resend.com/install.sh | bash and irm https://resend.com/install.ps1 | iex), which run remote code as a required step to install the CLI used by the skill.