canary
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup routine downloads the Bun installation script from the official well-known service URL https://bun.sh/install. The script implements a security best practice by verifying the downloaded file against a hardcoded SHA256 checksum (bab8acfb046aac8c72407bdcce903957665d655d7acaa3e11c7c4616beae68dd) before execution.
- [COMMAND_EXECUTION]: The preamble and core workflow execute various local helper binaries located in the vendor's directory (~/.claude/skills/gstack/bin/). These tools manage configuration, telemetry, project slugs, and timeline logging as part of the skill's operational framework.
- [DATA_EXFILTRATION]: The skill implements a telemetry system that collects metadata such as skill duration, outcomes, and repository names. This system is transparently managed: users are prompted via AskUserQuestion to choose their telemetry level (Community, Anonymous, or Off), and the data is stored locally in ~/.gstack/analytics/ before any remote transmission.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data from external websites (via the links, text, and console commands) during the monitoring phases.
  - Ingestion points: External site links and page text are read using the browse daemon in Phases 3, 4, and 5.
  - Boundary markers: The instructions do not specify explicit delimiters for the data ingested from external URLs.
  - Capability inventory: The skill has access to the Bash, Read, and Write tools to perform monitoring and reporting.
  - Sanitization: No explicit sanitization or filtering of the external site content is described in the workflow.
Audit Metadata