gstack-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 4 vendored-install flow explicitly runs git clone https://github.com/garrytan/gstack.git into a temp dir and then runs ./setup and migration scripts from the fetched INSTALL_DIR (and later reads CHANGELOG.md), so it fetches and executes code/content from a public GitHub repo which is untrusted third-party content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs a runtime git clone from https://github.com/garrytan/gstack.git and then runs ./setup from the cloned tree, which executes remote code fetched at runtime and is a required part of the vendored upgrade flow.