skills/garrytan/gstack/ship/Gen Agent Trust Hub

ship

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to automate Git operations, run project test suites (via bin/test-lane or npm run test), and execute a collection of vendor-provided utility binaries located in ~/.claude/skills/gstack/bin/.
  • [DATA_EXFILTRATION]: Includes telemetry and artifact synchronization features. Telemetry tracks skill usage statistics, while artifact sync allows for publishing plans and reports to a private GitHub repository for cross-machine indexing. These features are implemented with explicit user-consent prompts (via AskUserQuestion) before any data is transmitted.
  • [EXTERNAL_DOWNLOADS]: Performs version checks and can trigger an inline upgrade process to fetch the latest versions of the skill components from the vendor's repository.
  • [COMMAND_EXECUTION]: Utilizes platform-specific CLIs like gh (GitHub) and glab (GitLab) for Pull/Merge Request management, as well as the codex CLI for performing automated adversarial and design reviews on the codebase.
  • [PROMPT_INJECTION]: As a code analysis and summarization tool, it is theoretically susceptible to indirect prompt injection if malicious instructions are embedded in the source code or documentation it processes. This risk is inherent to the task of PR generation and is mitigated by the user's ability to review the generated output before finalizing the ship workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 08:08 PM