sinch-mailgun-validate
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for interacting with the Mailgun API using official SDKs and standard tools like curl.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill correctly instructs users to store the Mailgun API key in environment variables.
- [EXTERNAL_DOWNLOADS]: Dependencies listed (such as mailgun.js, mailgun-ruby, etc.) are standard packages for the Mailgun service. The skill also explicitly restricts documentation fetching to trusted first-party domains like documentation.mailgun.com.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies the risk of processing untrusted external data from bulk validation results. It provides a specific mitigation warning to treat downloaded content as untrusted and sanitize it before processing, which aligns with security best practices for handling external data ingestion.
Audit Metadata