gstack
Warn
Audited by Socket on Mar 23, 2026
1 alert found:
Anomaly (LOW): codex/SKILL.md
SUSPICIOUS: the core Codex integration is mostly coherent and uses an official OpenAI install path, so this is not malware-like. However, the skill's footprint is broader than a simple read-only wrapper: it edits local files, may modify the plan file, emits telemetry through gstack helper binaries, and sends repo/plan content to an external model service. The main risks are external data exposure, prompt-injection exposure from untrusted content, and scope creep relative to the stated purpose.
Confidence: 87%
Severity: 56%
Audit Metadata