rstack-content
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto perform GET and PUT requests to the resolved.sh API for content management. It also employs shortpython3scripts to parse JSON data from temporary files in/tmp. All commands are transparent and necessary for the stated functionality. - [EXTERNAL_DOWNLOADS]: Fetches content metadata and existing page structures from
https://{subdomain}.resolved.shandhttps://resolved.sh. These interactions are restricted to the vendor's own infrastructure and are used to synchronize state. - [CREDENTIALS_UNSAFE]: The skill correctly instructs the user to provide an API key (
RESOLVED_SH_API_KEY) via environment variables rather than hardcoding it. This is consistent with secure development practices for API-integrated tools.
Audit Metadata