skills/garrytan/gstack/benchmark/Gen Agent Trust Hub

benchmark

Fail

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill fetches and executes an installation script for the Bun runtime from https://bun.sh/install. The script's integrity is verified using a SHA256 checksum comparison before it is executed by the shell.
  • [COMMAND_EXECUTION]: The skill executes multiple local binaries located in ~/.claude/skills/gstack/bin/ to manage session state, telemetry, and configuration. It uses eval and source with process substitution to dynamically incorporate the output of these local commands into the active environment.
  • [COMMAND_EXECUTION]: The skill can perform automated project modifications, such as creating a CLAUDE.md file and committing changes via Git, based on user interaction with setup prompts.
  • [PROMPT_INJECTION]: The skill uses the browser tool to collect performance metrics from user-provided URLs. This data is then processed to generate reports, creating a surface for indirect prompt injection where malicious content on a web page could attempt to influence agent behavior.
    • Ingestion points: Performance metrics and JavaScript evaluation results retrieved from external URLs via the browse tool in SKILL.md.
    • Boundary markers: None identified; the skill evaluates and parses browser output directly.
    • Capability inventory: Access to the Bash tool (arbitrary command execution), Write tool (file system modification), and Git operations.
    • Sanitization: No validation or sanitization of the data returned by the browser is performed before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 2, 2026, 01:07 AM