rstack-services
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `curl` for interacting with the resolved.sh REST API and `python3` for parsing JSON responses locally. These commands are integral to the skill's primary function of service management.
- [EXTERNAL_DOWNLOADS]: Fetches current service listings and auto-generated OpenAPI documentation from vendor-owned domains (`resolved.sh`). These operations are used to synchronize the state of registered services and are documented neutrally as standard platform interactions.
- [CREDENTIALS_UNSAFE]: Manages sensitive authentication data including the `RESOLVED_SH_API_KEY` and `webhook_secret`. The skill demonstrates secure practices by advising the use of environment variables and providing verification logic that avoids hardcoding sensitive data.
- [DATA_EXFILTRATION]: Transmits service configuration parameters and authorization headers to the platform's API. This data flow is restricted to the service provider's infrastructure and is required for the registration process.
- [PROMPT_INJECTION]: The skill processes data from external API endpoints and user input, creating a potential surface for indirect prompt injection.
  - Ingestion points: Data is retrieved from `https://resolved.sh/listing/...` and `https://$RESOLVED_SH_SUBDOMAIN.resolved.sh/openapi.json`, as well as user-provided service details.
  - Boundary markers: Output from external sources is processed and displayed without explicit delimiters or warnings to ignore embedded instructions.
  - Capability inventory: Includes shell command execution via `curl`, local JSON parsing with `python3`, and file system writes to the `/tmp` directory.
  - Sanitization: The skill performs input validation, specifically checking the `endpoint_url` against SSRF patterns (blocking local and private network addresses) and enforcing naming conventions for services.
Audit Metadata