qa-only
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the Bun runtime installation script from its official domain (bun.sh) and fetches supplementary documentation from the vendor-related domain garryslist.org.
- [REMOTE_CODE_EXECUTION]: Executes the Bun installation script using bash after verifying its integrity with a hardcoded SHA-256 checksum to ensure the script has not been tampered with.
- [COMMAND_EXECUTION]: Runs various local utilities and binaries within the gstack ecosystem for session management, configuration, and telemetry, including the dynamic execution of environment variable exports via eval.
- [DATA_EXFILTRATION]: Collects anonymous usage telemetry, such as skill execution duration and session IDs, which is logged locally and optionally transmitted to a telemetry endpoint if the user provides explicit consent via a configuration prompt.
- [PROMPT_INJECTION]: Interacts with and processes content from untrusted external web pages during browser-based testing, creating a surface for potential indirect prompt injection.
  - Ingestion points: Browser tool outputs and web page snapshots processed in SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands were found for processed web data.
  - Capability inventory: The skill possesses capabilities for file system writes (reports/screenshots), network access via WebSearch, and shell execution through the Bash tool.
  - Sanitization: No explicit sanitization or filtering of external web content is performed before processing.
Audit Metadata