rstack-audit

SUSPICIOUS: the core audit behavior is largely coherent and proportionate for a resolved.sh page health check, with official endpoint usage and limited credential scope. The main concern is the explicit transitive skill installation/update command using an unpinned GitHub-backed Skills CLI path, which adds supply-chain risk but does not by itself indicate malicious intent.