document-release
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive shell operations using the
Bashtool, including git repository queries, configuration management via local binaries, and filesystem modifications in the user's home directory (~/.gstack). - [REMOTE_CODE_EXECUTION]: Uses
evalandsourcecommands to execute logic generated by local utility scripts (gstack-slug,gstack-repo-mode). This dynamic execution is used to initialize environment variables and repository-specific settings. - [DATA_EXFILTRATION]: Contains built-in telemetry and memory-syncing features. The skill collects usage statistics and can publish session history to a private GitHub repository. Both features require explicit user consent via interactive prompts before activation.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The skill reads documentation files (
.md), git logs, and diffs to summarize changes and update files. It lacks boundary markers or sanitization for this external data, which could allow malicious project content to influence the agent's behavior during documentation updates. - Ingestion points: Project documentation files (
README.md,ARCHITECTURE.md, etc.), git logs, and git diffs. - Boundary markers: None present for ingested file content.
- Capability inventory: File
WriteandEdit,Bash(git push/commit), andAskUserQuestiontools. - Sanitization: None observed for processed documentation or commit messages.
Audit Metadata