Skills
skills/garrytan/gstack/office-hours/Gen Agent Trust Hub

office-hours

Fail

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes logic to download an installation script from https://bun.sh/install and execute it via bash. Although it performs a SHA256 checksum verification, this remains a remote code execution pattern.
  • [COMMAND_EXECUTION]: The skill executes multiple local binaries stored in ~/.claude/skills/gstack/bin/ to manage configuration, telemetry, and session metadata.
  • [COMMAND_EXECUTION]: Employs dynamic execution patterns such as eval and source <(...) on the output of local commands and binaries.
  • [DATA_EXFILTRATION]: Transmits telemetry and analytics (usage statistics, repository names) to external services via a dedicated logging binary.
  • [EXTERNAL_DOWNLOADS]: Fetches the Bun installer from its official domain and downloads documentation from garryslist.org.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data from the repository (CLAUDE.md, TODOS.md, git logs) and web search results.
  • Ingestion points: Reads CLAUDE.md, TODOS.md, git logs, and WebSearch results.
  • Boundary markers: None identified in the processing logic for these inputs.
  • Capability inventory: Uses Bash for command execution, plus Write, Edit, and open for file and browser operations.
  • Sanitization: No evidence of content sanitization or validation before interpolation into the agent's context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 3, 2026, 08:17 AM