plan-design-review

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses bash commands to manage sessions, check for updates, and interact with the gstack binary suite located in the vendor's local directory ~/.claude/skills/gstack/bin/.
  • [DATA_EXFILTRATION]: Contains opt-in telemetry that logs repository folder names and skill usage metrics. It also supports an optional 'Artifact Sync' feature (gbrain) that publishes project plans and designs to a private GitHub repository for cross-machine access.
  • [EXTERNAL_DOWNLOADS]: References external documentation and blog posts on garryslist.org, which is a domain associated with the skill's author (garrytan).
  • [REMOTE_CODE_EXECUTION]: Integrates with a codex CLI tool to perform remote AI-assisted evaluation of design plans against hard-coded principles and litmus tests.
  • [PROMPT_INJECTION]: Ingests external project files such as plans, DESIGN.md, and CLAUDE.md as data for review, which constitutes an indirect prompt injection attack surface, though this is mitigated by the skill's interactive design and use of user confirmation gates.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 06:45 PM