Skills
skills/resolved-sh/rstack/rstack-bootstrap/Gen Agent Trust Hub

rstack-bootstrap

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs additional skills from the vendor's official GitHub repository and the AgentMail repository using the npx skills add command to provide extended functionality.
  • [COMMAND_EXECUTION]: Executes shell commands to detect the runtime environment, manage local configuration files, and generate a maintenance script for registration health checks.
  • [DATA_EXFILTRATION]: Facilitates account registration and session management by communicating with the resolved.sh and agentmail.to APIs. This involves sending the agent's email address and retrieving session tokens and API keys.
  • [CREDENTIALS_UNSAFE]: Manages sensitive information such as API keys and session tokens by temporarily storing them in the /tmp directory. This data is used to automate account creation and resource registration without human intervention.
  • [PROMPT_INJECTION]: Processes external data from email messages to extract authentication tokens, creating a surface for indirect instructions.
  • Ingestion points: Retrieves message content from the AgentMail API within the token polling phase in SKILL.md.
  • Boundary markers: Absent; the skill uses regex to locate specific token patterns within the message body.
  • Capability inventory: Uses curl for network requests and python3 for string parsing and file writing.
  • Sanitization: Employs regex to isolate the token parameter, which restricts the processed input to expected alphanumeric characters.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 07:07 AM