Skills
skills/garrytan/gstack/sync-gbrain/Gen Agent Trust Hub

sync-gbrain

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes numerous local scripts located in ~/.claude/skills/gstack/bin/ for configuration, state probing, and telemetry logging.
  • [COMMAND_EXECUTION]: Uses eval and source to execute the output of local scripts (e.g., gstack-slug, gstack-repo-mode) to set environment variables.
  • [COMMAND_EXECUTION]: Invokes the primary orchestrator using bun run ~/.claude/skills/gstack/bin/gstack-gbrain-sync.ts, passing user-supplied arguments directly to the script.
  • [DATA_EXFILTRATION]: Contains an opt-in telemetry system that logs skill usage metadata (duration, outcome, session ID, repo name) to ~/.gstack/analytics/ and potentially to a remote endpoint via gstack-telemetry-log.
  • [EXTERNAL_DOWNLOADS]: Includes logic for an 'Inline upgrade flow' that checks for updates and can trigger a gstack upgrade process.
  • [EXTERNAL_DOWNLOADS]: Offers to open an external URL (https://garryslist.org/posts/boil-the-ocean) for documentation purposes.
  • [PROMPT_INJECTION]: Instructions include a directive for the agent to treat the skill file as executable instructions rather than reference material, which is standard for this framework's operational flow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 06:25 PM
Security Audit — agent-trust-hub — sync-gbrain