health
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill's preamble and main workflow execute numerous shell commands to manage its state and compute health metrics.
- It invokes several binaries located in the
~/.claude/skills/gstack/bin/directory for configuration, telemetry logging, and status checks. - It executes project-specific tools such as
tsc,biome,eslint,pytest, andknipto analyze code quality. - It performs Git operations including commits for 'Continuous Checkpoint Mode' and modifying
CLAUDE.mdto inject routing rules, though these are typically prompted or configured by the user. - [EXTERNAL_DOWNLOADS]: The skill interacts with external resources and services for updates and documentation.
- It performs update checks using the
gstack-update-checkbinary. - It offers to open an informational URL (
https://garryslist.org/posts/boil-the-ocean) related to the developer philosophy it follows. - It integrates with
gbrain, an external tool for semantic search and artifact indexing, which may involve remote connectivity. - [DATA_EXFILTRATION]: The skill manages data that is shared externally or across machines.
- It collects telemetry data regarding skill usage (duration, outcome, repository name) and logs it locally or to a remote service if the user opts in.
- The 'Artifacts Sync' feature allows users to synchronize project artifacts like plans and reports to a private remote repository, which is explicitly presented as a user choice.
Audit Metadata