The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's preamble executes several internal scripts and binaries located in ~/.claude/skills/gstack/bin/ to manage configuration, telemetry, and session state. It uses eval and source <(...) to dynamically execute shell code generated by these local utilities (e.g., gstack-slug and gstack-repo-mode). It also executes the codex CLI and various git and gh commands.
[EXTERNAL_DOWNLOADS]: The skill performs network operations including checking for updates, executing git fetch and git merge for cross-machine memory synchronization (GBrain Sync), and calling the GitHub API (gh api) to fetch PR comments. It also prompts the user to open an external URL (https://garryslist.org/posts/boil-the-ocean) in the browser.
[DATA_EXFILTRATION]: The skill logs telemetry data locally, which includes repository names. It provides an opt-in feature to synchronize session artifacts like plans and learnings to a private GitHub repository. If enabled, remote telemetry transmits usage statistics and session IDs.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources, specifically pull request comments (via Greptile) and project plan files. This data is used to inform code reviews and suggested fixes.
Ingestion points: PLAN_FILE and GitHub PR/Issue comments (via gh api).
Boundary markers: Absent for the ingested external content.
Capability inventory: The skill has access to shell execution (Bash), file modification (Write, Edit), and sub-agent dispatch (Agent).
Sanitization: No explicit sanitization or filtering of the ingested content is documented before it is processed by the AI.

review