Skills
skills/garrytan/gstack/cso/Gen Agent Trust Hub

cso

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill preamble executes several local binaries from the directory ~/.claude/skills/gstack/bin/ and uses eval and source to process their output for environment configuration.
  • [DATA_EXFILTRATION]: Telemetry logic is present that logs repository metadata and usage statistics to local storage and potentially remote endpoints via the gstack-telemetry-log binary.
  • [CREDENTIALS_UNSAFE]: The tool is specifically designed to locate and extract sensitive credentials, including AWS keys, GitHub tokens, and Slack tokens, from project history and configuration files.
  • [PROMPT_INJECTION]: As an auditing tool, it is exposed to indirect prompt injection from untrusted code. (1) Ingestion points: Codebase files scanned during audit phases. (2) Boundary markers: Instructions to ignore instructions within audited files. (3) Capability inventory: Access to shell execution, file writing, and sub-agent spawning. (4) Sanitization: Relies on LLM-based filtering rather than programmatic sanitization.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 05:28 PM
Security Audit — agent-trust-hub — cso