gstack-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly clones a public GitHub repo (git clone https://github.com/garrytan/gstack.git in Step 4 for vendored installs) and then runs ./setup and migration scripts and reads $INSTALL_DIR/CHANGELOG.md (Step 6) so it ingests and executes/interprets untrusted third‑party content from the open web as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). During the vendored upgrade flow the skill executes git clone --depth 1 https://github.com/garrytan/gstack.git at runtime and then runs ./setup from the cloned tree, which fetches and executes remote code (https://github.com/garrytan/gstack.git).