scrape
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of dynamic shell execution. In its preamble and throughout the instructions, it uses `eval` and `source` with process substitution to execute logic generated by local binaries (e.g., `eval "$(~/.claude/skills/gstack/bin/gstack-slug)"` and `source <(~/.claude/skills/gstack/bin/gstack-repo-mode)`).
- [COMMAND_EXECUTION]: The skill automates project configuration changes by offering to append 'skill routing' rules to the `CLAUDE.md` file and subsequently performing git operations (`git add` and `git commit`) to persist those changes.
- [DATA_EXFILTRATION]: The skill implements telemetry and remote synchronization features. It tracks skill usage via a local telemetry binary and offers an 'Artifacts Sync' feature to push project data (plans, designs, and reports) to a private GitHub repository. These mechanisms are prompted to the user but represent paths for data to leave the local environment.
- [EXTERNAL_DOWNLOADS]: The skill performs automated network requests for update checks and repository synchronization. It executes `gstack-update-check` and manages artifact repositories using `git fetch` and `git merge` commands.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Because its primary function is to scrape and ingest arbitrary web content into the agent's context, it creates a vulnerability where malicious instructions embedded in a web page could influence the agent's behavior.
Audit Metadata