skills/garrytan/gstack/autoplan/Gen Agent Trust Hub

autoplan

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes numerous local binaries and scripts located in ~/.claude/skills/gstack/bin/ to manage configuration, analytics, and state. This is standard behavior for a developer productivity tool of this complexity.
  • [DATA_EXFILTRATION]: The skill implements a telemetry system and an artifact synchronization feature. Usage data and project artifacts (plans, designs) may be sent to external services; however, both features are opt-in and require explicit user confirmation via an interactive prompt before activation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted project data (e.g., CLAUDE.md, plan files, and repository code). To mitigate this, the skill explicitly instructs subagents and external tools like Codex to ignore skill definition files and focus strictly on the project code.
  • [REMOTE_CODE_EXECUTION]: The skill uses eval and source on the output of local helper scripts (e.g., gstack-slug, gstack-repo-mode). Since these scripts are part of the skill's own distributed package and are stored in a predictable local directory, this is considered a standard operational pattern rather than a remote execution risk.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 06:27 AM
Security Audit — agent-trust-hub — autoplan