ship
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands including
git,gh, andglabto manage the development lifecycle and interact with remote repositories. - [COMMAND_EXECUTION]: It relies on a suite of local framework binaries located in
~/.claude/skills/gstack/bin/to perform tasks such as telemetry logging, configuration management, and update checks. - [DYNAMIC_EXECUTION]: The preamble uses
evalandsource <(...)patterns to dynamically load configurations and environment variables generated by local framework scripts likegstack-slugandgstack-repo-mode. - [DATA_EXFILTRATION]: The skill implements an opt-in telemetry system that records skill usage metrics (duration, outcome, and session IDs). These events are handled by a local binary, and the instructions explicitly state that sensitive data like code or file paths are excluded from telemetry.
- [EXTERNAL_DOWNLOADS]: It identifies the
@openai/codexpackage as an optional dependency for enhanced adversarial reviews, though it does not automatically install it.
Audit Metadata