Skills
skills/garrytan/gstack/plan-ceo-review/Gen Agent Trust Hub

plan-ceo-review

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a suite of local binaries and scripts located in ~/.claude/skills/gstack/bin/. These utilities (e.g., gstack-config, gstack-slug, gstack-timeline-log) handle internal state, project-specific metadata, and telemetry logging.
  • [COMMAND_EXECUTION]: Employs eval and source on the output of local scripts (such as gstack-slug and gstack-repo-mode) to dynamically set environment variables for project context. This is a standard integration pattern for the gstack toolchain.
  • [EXTERNAL_DOWNLOADS]: References official documentation on the author's domain (garryslist.org) and uses local scripts to check for updates. All network-dependent operations are transparently managed via configuration and user prompts.
  • [DATA_EXFILTRATION]: Collects skill usage telemetry (e.g., skill name, duration, session ID). The workflow includes explicit user consent checkpoints (via AskUserQuestion) to enable or disable remote telemetry transmission.
  • [COMMAND_EXECUTION]: The skill can perform automated git operations (e.g., commits for CLAUDE.md or migrating 'vendored' files) but only as part of an explicit user-approved workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 08:08 PM