Skip to main content

postmark-inbound

Facilitates processing incoming emails with Postmark webhooks for workflows like email-to-ticket and document extraction.

Install this skill

or
43/100

Security score

The postmark-inbound skill was audited on Mar 8, 2026 and we found 13 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 107

Template literal with variable interpolation in command context

SourceSKILL.md
107console.log(`Reply for ${type} #${id} from ${From}`);
medium line 109

Template literal with variable interpolation in command context

SourceSKILL.md
109console.log(`New inbound email from ${From}: ${Subject}`);
medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md
3description: Use when processing incoming emails with Postmark inbound webhooks — building reply-by-email, email-to-ticket, document extraction, or any workflow that receives and parses email.
medium line 14

Webhook reference - potential data exfiltration

SourceSKILL.md
14Postmark's inbound processing parses incoming emails and delivers them as structured JSON to your webhook endpoint. This enables workflows like:
medium line 25

Webhook reference - potential data exfiltration

SourceSKILL.md
252. **Set webhook URL** where Postmark will POST parsed email data
low line 30

Webhook reference - potential data exfiltration

SourceSKILL.md
30Sender → Email → Postmark → Parses email → POST JSON → Your webhook endpoint
medium line 36

Webhook reference - potential data exfiltration

SourceSKILL.md
362. **Set webhook URL** — In your Postmark server settings, set the Inbound webhook URL
medium line 61

Webhook reference - potential data exfiltration

SourceSKILL.md
61Two setup options — MX record (recommended) or email forwarding. Constraints: one inbound stream per server, one domain per stream, one webhook URL per stream.
medium line 63

Webhook reference - potential data exfiltration

SourceSKILL.md
63See [references/inbound-setup.md](references/inbound-setup.md) for full DNS steps, forwarding caveats, retry schedule, and how to set your webhook URL.
medium line 65

Webhook reference - potential data exfiltration

SourceSKILL.md
65## Webhook Payload
low line 101

Webhook reference - potential data exfiltration

SourceSKILL.md
101app.post('/webhooks/inbound', (req, res) => {
medium line 136

Webhook reference - potential data exfiltration

SourceSKILL.md
136| Slow webhook processing | Process async (queue the work) and respond 200 immediately |
medium line 142

Webhook reference - potential data exfiltration

SourceSKILL.md
142- Inbound webhook payloads can be large due to attachments — set appropriate body size limits
Scanned on Mar 8, 2026
View Security Dashboard

Install this skill with one command

/learn @activecampaign/postmark-inbound
GitHub Stars 30
Rate this skill
Categorysales
UpdatedMarch 29, 2026
openclawapicustomer-success-managersupport-agentemail-marketerproduct-managerbusiness-developmentsalessupportmarketingproduct
ActiveCampaign/postmark-skills