skills/garrytan/gstack/design-html/Gen Agent Trust Hub

design-html

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's setup process downloads and executes an installation script for the Bun runtime from a remote URL. While it implements a SHA256 checksum verification to ensure the integrity of the downloaded script before execution, this pattern remains a sensitive operation. Evidence: curl -fsSL "https://bun.sh/install" -o "$tmpfile" and subsequent bash "$tmpfile" after the checksum check.
  • [COMMAND_EXECUTION]: The skill preamble and various workflow steps execute a large number of local binaries and scripts located within the user's home directory (~/.claude/skills/gstack/bin/). These commands handle update checks, telemetry logging, and context management. Evidence: Execution of gstack-update-check, gstack-config, gstack-slug, gstack-repo-mode, and gstack-learnings-search.
  • [COMMAND_EXECUTION]: The skill initiates a local HTTP server to provide a live preview of the generated HTML assets. Evidence: python3 -m http.server 0 --bind 127.0.0.1.
  • [DATA_EXFILTRATION]: The skill includes an artifact synchronization feature that can push local design data and plans to a private external repository (GBrain) and logs usage telemetry to the vendor's analytics system. Both features include user opt-in/opt-out mechanisms. Evidence: Usage of git fetch and git merge on ~/.gstack/ repositories and telemetry logging to ~/.gstack/analytics/.
  • [PROMPT_INJECTION]: The instructions contain directives that attempt to override default agent behaviors by instructing the model to treat the skill file as executable commands rather than reference material. Evidence: "Treat the skill file as executable instructions, not reference. Follow it step by step starting from Step 0".
  • [EXTERNAL_DOWNLOADS]: The skill fetches external resources such as Google Fonts and the Pretext library from a CDN if local copies are unavailable. Evidence: References to https://fonts.googleapis.com and https://esm.sh/@chenglou/pretext.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: May 11, 2026, 08:08 PM