resend
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation recommends installing the `requests` library via `uv pip`. This is a standard, well-known dependency for Python HTTP interactions.
- [DATA_EXFILTRATION]: The skill possesses the functionality to read local files specified by the user (via `--html` or `--attachments` arguments) and transmit their content to the Resend API (`api.resend.com`). This behavior is consistent with the skill's primary intended purpose of sending email attachments and reports.
- [DATA_EXFILTRATION]: The utility script `_resend_utils.py` reads from `~/.config/env/secrets.env` and `~/.claude.json` to retrieve the `RESEND_API_KEY`. This is a standard and safe practice for local credential management for agent skills.
- [PROMPT_INJECTION]: The skill handles untrusted data that could contain indirect prompt injections.
  - Ingestion points: The skill processes user-supplied text or files through the `--body`, `--html`, and `--attachments` parameters, as well as via stdin piping.
  - Boundary markers: The `SKILL.md` file contains a prominent "IMPORTANT: Confirm Before Sending" section which instructs the agent to show the recipient, subject, and content to the user for explicit approval before execution. This provides a critical human-in-the-loop safety check.
  - Capability inventory: The `send.py` script can read arbitrary local files and perform authenticated POST requests to `https://api.resend.com` using the `requests` library.
  - Sanitization: No content sanitization or escaping is performed on the message bodies or attachments before they are sent to the API.
Audit Metadata