The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's preamble executes multiple local binaries (e.g., gstack-config, gstack-telemetry-log, gstack-brain-sync) located in ~/.claude/skills/gstack/bin/ to manage environment state and telemetry.
[DYNAMIC_EXECUTION]: The preamble uses eval and source with process substitution to execute the output of local helper binaries (gstack-slug, gstack-repo-mode), which is a technique for dynamic configuration loading.
[DATA_EXFILTRATION]: The skill includes an opt-in 'GBrain Sync' feature that synchronizes session memory and artifacts to a private GitHub repository. It also collects usage analytics (skill name, duration, and outcome) which are sent to a remote telemetry service.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted Markdown content which is then rendered into HTML and PDF, presenting an attack surface for indirect prompt injection.
Ingestion points: External Markdown files are read via fs.readFileSync in src/orchestrator.ts.
Boundary markers: No explicit boundary markers or 'ignore' instructions are used during the interpolation of Markdown content into the HTML template.
Capability inventory: The skill has the ability to execute shell commands via browse and pdftotext binaries and can open local files using system tools (open, xdg-open).
Sanitization: The skill implements a sanitizeUntrustedHtml function in src/render.ts which uses regular expressions to strip dangerous elements like , , and various event handler attributes from the HTML output.
[COMMAND_EXECUTION]: The orchestrator calls the browse binary (a Chromium daemon) for PDF generation and pdftotext for verifying the quality of the generated document.

make-pdf