skills/garrytan/gstack/design-review/Gen Agent Trust Hub

design-review

Fail

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Bun installer from its official domain (bun.sh) if the runtime is missing during setup.
  • [REMOTE_CODE_EXECUTION]: Executes the Bun installation script after verifying its integrity with a hardcoded SHA256 checksum.
  • [COMMAND_EXECUTION]: Utilizes bash commands and local binaries (e.g., gstack-config, gstack-slug) to manage project sessions, configuration, and telemetry within the ~/.gstack and ~/.claude directories.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from the web via search and browsing tools, creating a surface for indirect prompt injection.
      • Ingestion points: External websites retrieved via the browse tool and WebSearch.
      • Boundary markers: None identified in the instruction set.
      • Capability inventory: File system modification, shell command execution, and git operations.
      • Sanitization: No explicit sanitization of external content is performed.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: May 20, 2026, 02:59 PM