postmark-send-email
Facilitates sending transactional and broadcast emails via Postmark, supporting templates, attachments, and tracking.
Install this skill
or
70/100
Security score
The postmark-send-email skill was audited on Mar 8, 2026 and we found 10 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 131
Template literal with variable interpolation in command context
SourceSKILL.md
| 131 | console.log(`Email ${index + 1} sent: ${result.MessageID}`); |
medium line 133
Template literal with variable interpolation in command context
SourceSKILL.md
| 133 | console.error(`Email ${index + 1} failed: ${result.Message}`); |
medium line 77
Webhook reference - potential data exfiltration
SourceSKILL.md
| 77 | | `Metadata` | object | Key-value pairs for custom tracking data (returned in webhook payloads) | |
medium line 100
Webhook reference - potential data exfiltration
SourceSKILL.md
| 100 | Response includes `MessageID` — use it for tracking via webhooks or the Messages API. |
medium line 275
Webhook reference - potential data exfiltration
SourceSKILL.md
| 275 | - `MessageID` returned in response is used for bounce/webhook/API correlation |
low line 85
Access to .env file
SourceSKILL.md
| 85 | const client = new postmark.ServerClient(process.env.POSTMARK_SERVER_TOKEN); |
low line 40
External URL reference
SourceSKILL.md
| 40 | 1. **Get API Token** from your [Postmark server settings](https://account.postmarkapp.com/servers) |
low line 57
External URL reference
SourceSKILL.md
| 57 | **Endpoint:** `POST https://api.postmarkapp.com/email` |
low line 106
External URL reference
SourceSKILL.md
| 106 | **Endpoint:** `POST https://api.postmarkapp.com/email/batch` |
low line 142
External URL reference
SourceSKILL.md
| 142 | **Endpoint:** `POST https://api.postmarkapp.com/email/withTemplate` |
Scanned on Mar 8, 2026
View Security DashboardInstall this skill with one command
/learn @activecampaign/postmark-send-email