document-release

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM · COMMAND_EXECUTION · REMOTE_CODE_EXECUTION · DATA_EXFILTRATION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple local binaries and shell commands for configuration, session tracking, and environment detection, including gstack-config, gstack-update-check, and gstack-timeline-log. It also leverages gh and glab CLI tools for interaction with git hosting platforms.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic execution of shell code using eval on the output of gstack-slug and source on the output of gstack-repo-mode. Additionally, it performs git fetch and merge operations on an artifacts repository using a remote URL defined in local configuration files.
  • [DATA_EXFILTRATION]: The skill collects telemetry data (skill name, duration, outcome) and transmits it via the gstack-telemetry-log binary. It also reads the agent's platform configuration file ~/.claude.json to identify MCP server settings.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from various project documentation files (e.g., README.md, ARCHITECTURE.md) and pull request descriptions. While it has access to high-privilege tools like Bash and Write, it lacks defined boundary markers or sanitization routines to isolate this external content from the agent's instruction context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 15, 2026, 05:29 PM