setup-deploy
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a complex preamble and multiple setup steps that execute local binaries (e.g., `gstack-config`, `gstack-slug`, `gstack-brain-sync`) and shell commands to manage environment state, session tracking, and project metadata.
- [COMMAND_EXECUTION]: The skill employs dynamic execution patterns, specifically `eval` and `source <(...)`, to load environment variables and configurations generated by its own utility binaries.
- [DATA_EXFILTRATION]: The skill includes an opt-in telemetry system and an artifact synchronization feature (`gbrain`). Usage data is logged locally and may be sent to remote endpoints, while project artifacts can be synced to a remote repository; both behaviors are governed by user prompts and configuration settings.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads untrusted project files, such as `CLAUDE.md`, `fly.toml`, `render.yaml`, and GitHub Action workflows, to extract deployment parameters.
  - Ingestion points: Reads `CLAUDE.md` and various platform configuration/workflow files (SKILL.md).
  - Boundary markers: None identified.
  - Capability inventory: The skill has `Bash`, `Write`, `Edit`, and network access (`curl`) capabilities.
  - Sanitization: No explicit sanitization or validation of extracted configuration values is mentioned before they are written back to `CLAUDE.md` or used in prompts.
- [COMMAND_EXECUTION]: Deployment verification steps involve executing platform-specific CLI tools (e.g., `fly status`, `vercel ls`) and performing network checks via `curl` to confirm endpoint availability.