skillify
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Executes multiple internal scripts and binaries from the '~/.claude/skills/gstack/bin/' directory for task management, telemetry, and configuration.
- [COMMAND_EXECUTION]: Uses 'eval' and 'source' on the output of local binaries ('gstack-slug', 'gstack-repo-mode') to dynamically configure the shell environment.
- [COMMAND_EXECUTION]: Automatically generates TypeScript scripts and tests based on previous scraping sessions and executes them locally via 'bun test' for validation.
- [COMMAND_EXECUTION]: Performs various Git operations, including commits for 'Continuous Checkpoint Mode' and synchronization of project artifacts.
- [DATA_EXFILTRATION]: Provides an opt-in feature to sync project artifacts (such as plans and reports) to a remote GitHub repository and logs usage telemetry, both of which are controlled by user-facing approval prompts.
- [SAFE]: The skill processes data from previous conversation turns (ingestion point) to synthesize code. While it lacks explicit boundary markers or sanitization for this data, its primary capabilities (file writes, git commits, and bun tests) are subject to 'AskUserQuestion' approval gates before final execution, and the operations are part of the intended automation workflow.
Audit Metadata