plan-eng-review
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes numerous utility scripts from the vendor's local directory (~/.claude/skills/gstack/bin/) to handle configuration, telemetry, and session management.
- [COMMAND_EXECUTION]: Employs eval and process substitution (source <(...)) to execute dynamic shell commands produced by local scripts such as gstack-slug and gstack-repo-mode.
- [DATA_EXFILTRATION]: Implements a telemetry system that logs usage metadata (duration, outcome, repository name) to local files and optionally to a remote endpoint, subject to user preference.
- [REMOTE_CODE_EXECUTION]: Supports an 'outside voice' feature that uses the codex tool to perform remote AI-assisted analysis of development plans.
- [SAFE]: Reading and processing external plan files and design documents creates a potential surface for indirect prompt injection; however, this is a core function of the engineering review capability and is handled within the vendor's ecosystem.
- Ingestion points: Reads plan files, design documents, CLAUDE.md, and TODOS.md.
- Boundary markers: No explicit delimiters are used when interpolating file content into prompts for review.
- Capability inventory: The skill has Bash and Write capabilities and can execute various local gstack binaries.
- Sanitization: No explicit sanitization or filtering of the ingested content is performed before processing.
Audit Metadata