retro
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute complex shell operations for repository analysis, configuration management, and framework migration. This includes reading git logs and modifying project files such as CLAUDE.md and .gitignore.
- [REMOTE_CODE_EXECUTION]: Employs dynamic execution patterns including eval and source on the output of local binaries located in the ~/.claude/skills/gstack/bin/ directory. This is used to handle session state and project-specific settings.
- [DATA_EXFILTRATION]: Features telemetry logging capabilities that send usage and outcome data to an external server. This process is subject to user approval during the initial setup.
- [EXTERNAL_DOWNLOADS]: Synchronizes repository data using git fetch and checks for framework updates from remote sources associated with the vendor.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection. Ingestion points: Processes data from git commit logs, TODOS.md, and user-provided context files. Boundary markers: Lacks protective delimiters for untrusted data. Capability inventory: Utilizes Bash and Write tools. Sanitization: No evidence of input validation or escaping for ingested data.
Audit Metadata