plan-devex-review

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill preamble and operational steps execute numerous shell commands and custom binaries (e.g., gstack-config, gstack-slug) stored in ~/.claude/skills/gstack/bin/.
  • [REMOTE_CODE_EXECUTION]: The preamble dynamically executes code by sourcing script output: source <(~/.claude/skills/gstack/bin/gstack-repo-mode). It also uses codex exec for plan evaluation and dynamically loads instructions from other skills like office-hours/SKILL.md.
  • [DATA_EXFILTRATION]: The skill includes opt-in telemetry via gstack-telemetry-log and functionality to sync project artifacts to a remote GitHub repository.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection: it processes untrusted data (ingestion points: README.md, design docs, etc.) without explicit sanitization or boundary markers, while retaining access to powerful tools (capability inventory: Bash, Edit, WebSearch).
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 20, 2026, 05:21 PM