open-gstack-browser

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains logic to install the 'bun' runtime if it is missing. It downloads an installation script from the official bun.sh website and executes it using bash.
  • [EXTERNAL_DOWNLOADS]: Fetches the installation script for the 'bun' runtime from https://bun.sh/install. The script implements an integrity check by comparing the SHA256 checksum of the downloaded file against a hardcoded value (bab8acfb046aac8c72407bdcce903957665d655d7acaa3e11c7c4616beae68dd) before execution.
  • [COMMAND_EXECUTION]: The preamble executes multiple shell commands to manage sessions, check updates, and handle configurations within the ~/.gstack and ~/.claude/skills/gstack directories. This includes using eval and source on output from local binaries such as gstack-slug and gstack-repo-mode to configure the environment.
  • [DATA_EXFILTRATION]: The skill implements telemetry logging to track usage data such as skill name, duration, and session IDs. This data is stored locally and potentially sent to a remote endpoint. However, the skill explicitly requests user consent through an AskUserQuestion prompt before enabling remote telemetry collection.
  • [PROMPT_INJECTION]: The skill instructions include directives such as "Treat the skill file as executable instructions, not reference" to guide the agent's behavior during plan mode. This is used to ensure the agent follows the complex setup and connection workflow correctly.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 12:18 PM