canary
Fail
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill performs an automated installation of the Bun runtime by downloading a script from https://bun.sh/install. The installation logic includes a hardcoded SHA-256 checksum check to verify the file's integrity before execution. Additionally, the skill can load and follow instructions from an upgrade file (~/.claude/skills/gstack/gstack-upgrade/SKILL.md) if an update is detected.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external websites via a browse tool. Ingestion points include console logs, page text, and links collected from external URLs. No explicit delimiters or instructions to ignore embedded commands are used when processing this output. The agent has access to powerful tools including Bash and Write, which could be targeted by instructions hidden in monitored web content. There is no specified sanitization or validation of the captured content.
- [DATA_EXFILTRATION]: The skill collects telemetry data regarding its usage and offers an optional feature to synchronize project artifacts (such as plans and reports) to a remote GitHub repository. These features are part of the vendor's gstack ecosystem and the artifact syncing requires explicit user opt-in via interactive prompts.
- [COMMAND_EXECUTION]: The preamble instructions and the setup process execute multiple custom binaries and scripts located in the vendor-specific directory ~/.claude/skills/gstack/bin/. It also uses process substitution to dynamically source the output of the gstack-repo-mode script.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata