skills/garrytan/gstack/qa/Gen Agent Trust Hub

qa

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Bun runtime installer from https://bun.sh/install. The installation process includes a security check verifying the script's SHA256 checksum against a hardcoded value before execution, following best practices for remote script execution.
  • [COMMAND_EXECUTION]: Runs local utility binaries and scripts from the ~/.claude/skills/gstack/bin/ directory. Commands such as gstack-slug, gstack-repo-mode, and gstack-config are used to manage project context and configuration via eval and source operations.
  • [DATA_EXFILTRATION]: Contains logic for telemetry collection and artifact synchronization. Telemetry includes skill usage statistics and repository names used for operational improvements. The skill offers to sync artifacts like plans and reports to a private GitHub repository via the GBrain service. Both features require user consent via interactive prompts using the AskUserQuestion tool during the initial setup.
  • [PROMPT_INJECTION]: Subject to indirect prompt injection risks when processing content from external websites during QA testing.
    • Ingestion points: Uses the browse tool to visit and read content from target URLs specified by the user or detected from the project.
    • Boundary markers: Absent. The skill does not use explicit delimiters or instructions to isolate web content from the agent's instructions.
    • Capability inventory: The skill has access to Bash, Read, Write, Edit, Glob, and Grep tools.
    • Sanitization: Absent. There is no evidence of sanitization or filtering of web content before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 08:08 PM