design-review
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads an installation script from 'https://bun.sh/install', which is the official, well-known distribution point for the Bun JavaScript runtime.
- [REMOTE_CODE_EXECUTION]: The skill executes the downloaded Bun installation script using the shell. This process includes a SHA256 checksum verification step to ensure the integrity of the downloaded file before execution.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to interact with the local environment, including running utility binaries from the 'gstack' suite, managing local session files in '~/.gstack', and performing Git operations like 'git branch' and 'git status'.
- [DATA_EXFILTRATION]: The skill collects telemetry data (usage duration, skill name, success/failure status) and transmits it to a remote endpoint. This behavior is subject to a user opt-in prompt and can be disabled or set to anonymous mode.
- [DYNAMIC_EXECUTION]: The skill utilizes 'eval' and 'source' commands to dynamically load environment variables and configuration settings from the output of internal helper scripts such as 'gstack-slug' and 'gstack-repo-mode'.
- [PROMPT_INJECTION]: The skill contains instructions to treat the markdown body as executable instructions and to prioritize its internal workflow over generic agent behavior, which is a common pattern for complex multi-step AI agent skills.
Audit Metadata