qa-only
Fail
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the Bun installation script from the well-known domain https://bun.sh. This process includes a SHA-256 checksum verification step to ensure the integrity of the downloaded content.
- [COMMAND_EXECUTION]: The preamble and setup sections execute several local binaries (e.g., gstack-config, gstack-slug) from the developer's gstack framework. It uses eval and source commands to dynamically process their output.
- [DATA_EXFILTRATION]: The skill collects and transmits telemetry data, such as skill usage metrics and session identifiers, to the developer's infrastructure. This feature is subject to explicit user consent during the initialization process.
- [PROMPT_INJECTION]: The skill processes untrusted content from external web pages, creating a surface for indirect prompt injection. Ingestion points: Web content retrieved via the browser tool and results from the search tool. Boundary markers: No explicit delimiters or instructions are used to distinguish ingested content from the skill's core instructions. Capability inventory: The skill can perform shell commands, write files to the project directory, and prompt the user for decisions. Sanitization: There is no evidence of filtering or sanitizing content retrieved from external URLs.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review