cso
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The preamble in `SKILL.md` executes a wide range of shell commands to manage local session state, check for updates, and handle configuration within the `~/.gstack` and `~/.claude/skills/gstack/` directories.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic code execution by using `eval "$(~/.claude/skills/gstack/bin/gstack-slug)"` and `source <(~/.claude/skills/gstack/bin/gstack-repo-mode)`. While these scripts are part of the local vendor-provided toolkit, the pattern involves executing dynamically generated output.
- [DATA_EXFILTRATION]: The skill includes functionality to transmit telemetry data and synchronize session memory to remote endpoints or repositories. Features like `gstack-telemetry-log` and 'GBrain Sync' send usage metadata and project artifacts to external services, although these are generally presented as opt-in features.
- [PROMPT_INJECTION]: As a security auditor, the skill is designed to ingest and analyze untrusted external codebase content. This creates an indirect prompt injection surface. The skill includes an 'Anti-manipulation' rule to mitigate this by instructing the agent to ignore directions found within the audited code, but the risk remains inherent to the skill's data processing model.
Audit Metadata