stacktree-publish
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-provided HTML content to the vendor's official API at api.stacktr.ee. This is the primary function of the skill and is clearly documented.
- [COMMAND_EXECUTION]: The skill uses a local shell script to interact with the stacktr.ee service via curl. The script quotes all variables to prevent shell injection and does not invoke untrusted remote code.
- [SAFE]: No hardcoded credentials, obfuscation, or malicious persistence mechanisms were detected. The skill enforces security best practices such as environment-based configuration and PII scanning.
Audit Metadata