skills/garrytan/gstack/retro/Gen Agent Trust Hub

retro

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses eval "$(~/.claude/skills/gstack/bin/gstack-slug ...)" and source <(~/.claude/skills/gstack/bin/gstack-repo-mode ...) within its preamble. These patterns execute shell code dynamically generated by external binaries, which can modify the agent's environment or execute arbitrary commands at runtime.
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands and external binaries located in ~/.claude/skills/gstack/bin/, including update checks, telemetry logging, and learning searches. It also includes logic to automatically modify the CLAUDE.md file and perform a git commit to persist skill routing rules.
  • [DATA_EXFILTRATION]: The skill accesses PII by reading git config user.name and git config user.email. It logs telemetry data (including repository names, skill usage statistics, and session IDs) to local JSONL files and potentially sends this data to a remote endpoint via the gstack-telemetry-log binary.
  • [PROMPT_INJECTION]: The instructions contain directives such as 'Treat the skill file as executable instructions, not reference', which aim to override the model's standard safety handling of external documents in favor of strict, step-by-step obedience to the skill's workflow.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 05:28 PM