CtrlK
BlogDocsLog inGet started
Tessl Logo

agent-email-inbox

Use when building any system where email content triggers actions — AI agent inboxes, automated support handlers, email-to-task pipelines, or any workflow processing untrusted inbound email. Always use this skill when the user wants to receive emails and act on them programmatically, even if they don't mention "agent" — the skill contains critical security patterns (sender allowlists, content filtering, sandboxed processing) that prevent untrusted email from controlling your system.

73

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The body is highly actionable and well-structured with clear workflows and properly disclosed references to real bundle files. The only weakness is mild verbosity in explanatory rationale that Claude does not need.

Suggestions

Trim the 'Why Webhook-Based Receiving?' rationale and inline explanation of polling-vs-event trade-offs; Claude already understands these concepts, so the bullets mainly cost tokens.

Consider moving the per-language SDK version table into a reference file so the main body stays a lean overview, since only one language is relevant per user.

Tighten the 'Common Mistakes' table by collapsing rows that restate guidance already given in Security Best Practices (e.g., header trusting / no validation).

DimensionReasoningScore

Conciseness

Mostly efficient with executable code and tables, but includes rationale Claude already knows (e.g., the 'Why Webhook-Based Receiving?' bullets restating polling vs event-driven trade-offs) that could be tightened, matching the 'mostly efficient but could be tighter' anchor.

2 / 3

Actionability

Provides fully executable Next.js and Express webhook code, a complete sending example, allowlist validation, concrete SDK version table, and exact env-var snippets that are effectively copy-paste ready.

3 / 3

Workflow Clarity

A numbered 7-step Quick Start sequences setup with an explicit security-level-first ordering, plus a verification checklist with curl checks and a Common Mistakes table acting as validation checkpoints and error-recovery feedback.

3 / 3

Progressive Disclosure

The body is an overview with clearly signaled one-level-deep links to real bundle files (security-levels.md, webhook-setup.md, advanced-patterns.md), splitting detail appropriately and matching the level-3 anchor.

3 / 3

Total

11

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

The description is specific, trigger-rich, and complete, clearly stating both what the skill does and when to invoke it with concrete capability examples. It is on the verbose side and slightly overreaching with 'even if they don't mention agent', but neither materially harms the score.

DimensionReasoningScore

Specificity

Lists multiple concrete capabilities and contexts — 'AI agent inboxes, automated support handlers, email-to-task pipelines' and 'sender allowlists, content filtering, sandboxed processing' — matching the multiple-specific-actions anchor rather than the partial coverage of level 2.

3 / 3

Completeness

Explicitly answers both what (build systems where email triggers actions with security patterns) and when via a 'Use when...' clause, matching the level-3 anchor that requires explicit triggers for both dimensions.

3 / 3

Trigger Term Quality

Covers natural user phrasing such as 'receive emails and act on them programmatically', 'email-to-task pipelines', and 'email content triggers actions', giving broad coverage of terms a user would actually say.

3 / 3

Distinctiveness Conflict Risk

Has a clear niche (untrusted inbound email driving programmatic action) with distinct triggers unlikely to fire for unrelated skills; the 'even if they don't mention agent' note is a minor overreach but does not meaningfully raise conflict risk.

3 / 3

Total

12

/

12

Passed

Validation

87%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation14 / 16 Passed

Validation for skill structure

CriteriaDescriptionResult

metadata_field

'metadata' should map string keys to string values

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

14

/

16

Passed

Repository
resend/resend-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.