learn
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
Bashtool to execute local binaries located in~/.claude/skills/gstack/bin/. These commands are used for configuration management (gstack-config), update checks (gstack-update-check), and data logging (gstack-timeline-log). - [REMOTE_CODE_EXECUTION]: The preamble and various commands utilize dynamic execution patterns, including
eval "$(...)"andsource <(...)targeting local gstack binaries. Additionally, the/learn statscommand usesbun -eto execute a JavaScript string for processing JSONL data. These patterns are used to dynamically load environment variables and process local data files. - [DATA_EXFILTRATION]: The skill contains logic for telemetry collection and artifact synchronization. Telemetry (usage events and metadata) is sent via
gstack-telemetry-log, and artifact syncing (sharing designs/reports) is performed via a remote GitHub repository. Both features are governed by user-prompted configuration settings during the initial setup flow. - [PROMPT_INJECTION]: The skill ingests untrusted data from
learnings.jsonl, which contains insights and patterns captured in previous sessions. While this creates a surface for indirect prompt injection, the data is primarily used for informational displays or processed via specific scripts rather than being directly interpolated into high-privilege system instructions without oversight.
Audit Metadata