office-hours
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes a setup routine that downloads the Bun runtime installation script from its official domain (`bun.sh`). This process implements security best practices by performing a SHA-256 checksum verification of the downloaded script against a hardcoded hash before execution.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage session data, telemetry, and project-specific state within the `~/.gstack` directory. It executes internal binaries and scripts located in the skill's distribution folder to perform configuration lookups and search existing project learnings.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill ingests data from local project files (such as `CLAUDE.md` and `TODOS.md`) and previous design documents to provide context. The skill identifies and inventories capabilities but does not perform high-risk autonomous actions based on this potentially untrusted data.
Audit Metadata