skills/garrytan/gstack/ship/Gen Agent Trust Hub

ship

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform configuration checks, manage local state in ~/.gstack/, and orchestrate the entire software shipping pipeline including git operations and CLI tool invocations.
  • [REMOTE_CODE_EXECUTION]: Utilizes dynamic execution patterns by using eval and source on the output of local binaries provided by the vendor (e.g., eval "$(~/.claude/skills/gstack/bin/gstack-slug ...)"). This pattern allows for the execution of dynamically generated shell commands.
  • [DATA_EXFILTRATION]: The skill is configured to send repository diffs and metadata to third-party services like Greptile and OpenAI Codex for code review. It also transmits usage telemetry (skill name, duration, stable device ID) to the vendor's logging infrastructure.
  • [PROMPT_INJECTION]: Exposed to indirect prompt injection as it ingests untrusted project data from files like CLAUDE.md, TODOS.md, and CHANGELOG.md to influence the agent's summary generation and decision-making logic without explicit boundary markers or sanitization.
  • [EXTERNAL_DOWNLOADS]: Includes logic for update checks and automated test framework bootstrapping, which involves fetching and installing packages from public registries such as npm, PyPI, and RubyGems.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 20, 2026, 05:21 PM