Skills
skills/garrytan/gstack/qa-only/Gen Agent Trust Hub

qa-only

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the Bun installation script from https://bun.sh/install if the runtime is not already available on the system.
  • [REMOTE_CODE_EXECUTION]: Executes the Bun installation script using bash. This action is preceded by a SHA-256 checksum verification to ensure the script's integrity.
  • [COMMAND_EXECUTION]: Extensively uses local scripts within the ~/.claude/skills/gstack/bin/ directory for configuration and lifecycle events. It utilizes eval and source to dynamically incorporate the output of these local scripts into the shell environment.
  • [DATA_EXFILTRATION]: Includes an opt-in telemetry system and an artifact synchronization feature. Notably, while the user prompt for telemetry states that repository names are not shared, the underlying script includes the repository's base name in the local analytics log which may be transmitted externally.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 08:08 PM