autoplan
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes numerous local binaries and scripts located in
~/.claude/skills/gstack/bin/to manage configuration, analytics, and state. This is standard behavior for a developer productivity tool of this complexity. - [DATA_EXFILTRATION]: The skill implements a telemetry system and an artifact synchronization feature. Usage data and project artifacts (plans, designs) may be sent to external services; however, both features are opt-in and require explicit user confirmation via an interactive prompt before activation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted project data (e.g.,
CLAUDE.md, plan files, and repository code). To mitigate this, the skill explicitly instructs subagents and external tools like Codex to ignore skill definition files and focus strictly on the project code. - [REMOTE_CODE_EXECUTION]: The skill uses
evalandsourceon the output of local helper scripts (e.g.,gstack-slug,gstack-repo-mode). Since these scripts are part of the skill's own distributed package and are stored in a predictable local directory, this is considered a standard operational pattern rather than a remote execution risk.
Audit Metadata