gstack
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Bun installation script from bun.sh, an established developer tool domain.
- [EXTERNAL_DOWNLOADS]: Downloads gstack configuration and components from the author's official GitHub repository (garrytan/gstack).
- [REMOTE_CODE_EXECUTION]: Executes the Bun installer script via shell execution after downloading it from bun.sh. This is a standard procedure for installing this well-known runtime.
- [COMMAND_EXECUTION]: Spawns various shell processes for git operations, test execution, and system diagnostics, which are necessary for the skill's stated purpose as an engineering assistant.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the web using its browsing capabilities. It implements defensive measures by wrapping this external content in clear boundary markers (--- BEGIN/END UNTRUSTED EXTERNAL CONTENT ---) and providing explicit instructions to the AI agent to ignore any commands or instructions contained within those markers.
  - Ingestion points: browse/SKILL.md (via web navigation)
  - Boundary markers: Present (explicit markers used)
  - Capability inventory: Subprocess execution, file system access, and network operations are available throughout the skill's utility scripts.
  - Sanitization: Instructions are provided to treat page content as data only and to ignore embedded instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata