review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's preamble and operational workflows execute numerous shell commands and local binaries (e.g.,
gstack-config,gstack-timeline-log) located in~/.claude/skills/gstack/bin/to manage project state, configuration, and activity logs. - [DATA_EXFILTRATION]: Includes opt-in features for usage telemetry and artifact synchronization. Users are explicitly prompted to consent before usage data or project artifacts (such as plans and reports) are shared with the developer's infrastructure or private GitHub repositories.
- [EXTERNAL_DOWNLOADS]: Fetches PR metadata and discussion history from GitHub and GitLab using official CLI tools (
ghandglab). The skill also suggests the installation of well-known third-party packages, such as@openai/codex, to extend its analysis capabilities. - [PROMPT_INJECTION]: As a code review tool, the skill naturally ingests untrusted external data including git diffs, PR descriptions, and commit messages. It mitigates potential instruction override risks by using structured checklists and specific agent instructions to maintain focus on the review task.
- [REMOTE_CODE_EXECUTION]: Utilizes
evalandsourceon the output of local gstack utility binaries to dynamically establish project context, slugs, and repository modes. These operations are restricted to the local installation directory.
Audit Metadata