Back to skill

Security audit

Resend Skills

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned Resend email integration, with some documentation examples that deserve care around live email, contacts, logs, and secrets.

Install only if you intend to let the agent work with your Resend account. Use a scoped Resend API key, keep secrets in environment variables or a secret manager, require explicit confirmation before sending email, enabling automations, or deleting/updating contacts, and avoid printing raw log bodies or webhook signing secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The documentation encourages creating and enabling automations that can send emails, update contacts, add contacts to segments, or delete contacts, but it does not clearly warn that these actions can affect real user data immediately and that some actions are irreversible. In the context of an agent skill that may be used operationally, this increases the risk of accidental mass messaging, unintended data modification, or destructive contact deletion in production environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Python example hardcodes what appears to be an API key directly in sample code, which can normalize insecure credential handling and lead users to embed real secrets in source files. In the context of an email API skill, exposed API keys can enable unauthorized email sending, contact data access, and account-level abuse if copied into repositories or logs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly instructs users to retrieve and print full `request_body` and `response_body` values from API logs, but it provides no warning that these bodies may contain sensitive data such as recipient addresses, message content, template variables, tokens, or other application secrets. In a logging/auditing feature, normalizing unrestricted access and display of raw bodies increases the chance of accidental exposure in terminals, CI logs, support tooling, or secondary storage.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This documentation teaches how to send email through a third-party service but does not warn that recipient addresses, message bodies, and related metadata are transmitted to an external provider. In an agent skill context, that omission is more dangerous because an autonomous system may follow these examples and exfiltrate user-provided content without making the data transfer explicit.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The webhook creation examples print the `signing_secret` directly to console/stdout, which commonly ends up in terminal scrollback, CI logs, shared runbooks, or observability systems. Because this secret is used to authenticate incoming webhooks, disclosure would let an attacker forge apparently valid webhook events and trigger downstream business logic.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.