resend-api

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill metadata contains deceptive information regarding its origin. Specifically, the SKILL.md file identifies the author as "OpenAI", which is inconsistent with the actual author attribution for this skill.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it is designed to ingest and process untrusted external data in the form of incoming email content.
  • Ingestion points: Incoming email content is retrieved via the Resend Receiving Emails API using the GET /emails/receiving/{email_id} endpoint, as documented in references/webhooks-inbound-and-beta.md.
  • Boundary markers: The instructions do not specify any delimiters or safety warnings to prevent the agent from following instructions that may be embedded within the content of received emails.
  • Capability inventory: The bundled script scripts/resend_api.py grants the agent the ability to make network requests to the Resend API and write data to local files via the --output and --binary-output flags.
  • Sanitization: There are no mechanisms described or implemented to sanitize, filter, or validate the content of processed emails before they are placed into the agent's context.
  • [DATA_EXFILTRATION]: The helper script scripts/resend_api.py performs network operations to api.resend.com, which is a non-whitelisted domain. While essential for the skill's intended purpose, the script allows for the redirection of API calls to arbitrary URLs via the RESEND_BASE_URL environment variable, representing a low-level data exfiltration risk if the environment is compromised.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:41 AM
Security Audit — agent-trust-hub — resend-api