resend-email
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `resend` CLI tool to send emails directly from the shell.
- [DATA_EXFILTRATION]: The skill facilitates the transmission of local data to external recipients via the Resend API.
  - Evidence: The `--attachment` and `--html-file` flags in `SKILL.md` allow the agent to read arbitrary files from the local filesystem and include them in outbound emails.
  - Destination: Data is sent to external email addresses provided via the `--to`, `--cc`, and `--bcc` flags.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection attacks where malicious data can influence agent behavior.
  - Ingestion points: The agent takes input from external sources to populate flags such as `--subject`, `--text`, `--html`, and `--attachment` in `SKILL.md`.
  - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from following instructions embedded within the data it is processing.
  - Capability inventory: The skill combines file-read capabilities (via attachments) with network transmission (via email) using the `resend emails send` command.
  - Sanitization: Absent. Untrusted input can be passed directly to the command-line flags, which could lead to unauthorized file access if the agent is coerced into attaching sensitive files like `~/.ssh/id_rsa` or `.env`.
Audit Metadata