resend-integration-skills

Remove directives that force the agent to call specific tools or APIs not required for the skill's stated functionality. Tool calls should be determined by user intent, not embedded directives.

Likely FP if the skill legitimately needs to call other tools as part of its workflow (e.g., a deployment skill that calls git and cloud CLI tools).

Remove shell metacharacters (semicolons, pipes, ampersands, backticks) from MCP server arguments. Use explicit argument arrays and avoid shell expansion in MCP configurations.

Likely FP if the metacharacter is a literal part of a non-shell argument (e.g., a regex pattern or a URL query parameter containing ampersands).

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).