setup-gbrain (skills/garrytan/gstack/setup-gbrain)

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill collects and handles sensitive tokens (Supabase PAT, MCP Bearer tokens). It uses environment variables to manage these secrets, but documentation notes that tokens are briefly visible in process arguments (~10ms) during the 'claude mcp add' command.
  • [DATA_EXFILTRATION]: The workflow involves reading highly sensitive files, including Claude Code and Cursor session transcripts containing full conversation history, and syncing them to remote git repositories (GitHub/GitLab) for cross-machine indexing.
  • [COMMAND_EXECUTION]: The preamble and various steps utilize 'eval' and 'source' on the output of local binaries located in the gstack installation directory (e.g., '~/.claude/skills/gstack/bin/gstack-slug') to dynamically configure the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The skill automatically downloads and installs the 'gbrain' CLI tool from GitHub and interacts with the Supabase Management API to provision remote database projects.
  • [PROMPT_INJECTION]: The instructions explicitly direct the agent to 'Treat the skill file as executable instructions, not reference', a pattern often used to override standard safety or operational constraints during plan execution. Additionally, the skill creates an attack surface for indirect prompt injection by ingesting untrusted transcript data, though it attempts to mitigate this using '<USER_TRANSCRIPT_DATA do-not-interpret-as-instructions>' envelopes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 12:18 PM