skills/garrytan/gstack/make-pdf/Gen Agent Trust Hub

make-pdf

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses its preamble to perform extensive environment checks and session management by executing several local binaries and dynamically loading shell code.
      • Evidence: The preamble in SKILL.md executes binaries like gstack-update-check, gstack-config, and gstack-slug. It uses eval and process substitution (source <(...)) to execute the output of these binaries directly in the shell environment.
  • [DATA_EXFILTRATION]: The skill contains functionality for usage telemetry and synchronization of project data to external services, though these are presented as opt-in features for the user.
      • Evidence: The SKILL.md preamble and telemetry section describe an opt-in system that logs skill usage to ~/.gstack/analytics/ and sends data via gstack-telemetry-log. Additionally, the skill includes a feature to synchronize project artifacts (like reports and designs) to a private GitHub repository for indexing.
  • [PROMPT_INJECTION]: The skill ingests and processes user-controlled markdown files, which presents a surface for indirect prompt injection attacks despite the presence of sanitization.
      • Ingestion points: Markdown content is ingested from user-provided file paths in src/orchestrator.ts.
      • Boundary markers: No explicit boundary markers or "ignore instructions" delimiters are used when interpolating the markdown content into the rendering pipeline.
      • Capability inventory: The skill executes local binaries (browse, pdftotext) via execFileSync and has the ability to write files to the system.
      • Sanitization: The src/render.ts file includes a sanitizeUntrustedHtml function that strips dangerous HTML elements (e.g., <script>, <iframe>) and event handlers (e.g., onclick) from the rendered output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 12:18 PM