skills/iancleary/dotfiles/gstack/Gen Agent Trust Hub

gstack

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE

EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The browser setup logic within SKILL.md and its variants provides instructions to download and execute the Bun runtime installer from https://bun.sh/install using a piped-to-bash command pattern if Bun is not detected on the system.
  • [EXTERNAL_DOWNLOADS]: The gstack-update-check binary and gstack-upgrade skill fetch version information and source code updates from the author's official GitHub repository (github.com/garrytan/gstack) using curl and git clone.
  • [DATA_EXFILTRATION]: The setup-browser-cookies skill is designed to import authentication cookies from the user's local Chromium browsers into the agent's persistent session. This involves using the macOS Keychain to decrypt cookie values, which is a high-privilege operation gated by system-level user permission dialogs.
  • [COMMAND_EXECUTION]: Multiple skills, including /ship, /review, and /qa, utilize the Bash tool to perform complex repository management tasks such as git merges, pushing code to origin, and executing local build or test scripts.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its ingestion of untrusted data from web pages and third-party PR comments.
    • Ingestion points: Data is ingested via the browse command (browse/src/read-commands.ts) and PR comment fetching (review/greptile-triage.md).
    • Boundary markers: Data from external sources is interpolated into the agent context without explicit delimiters or instructions to ignore embedded instructions.
    • Capability inventory: The agent has access to powerful tools like Bash, Write, and Edit across most specialized skills.
    • Sanitization: While path validation is implemented for filesystem safety, no specific sanitization or filtering is applied to the content of ingested text to prevent instruction hijacking.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:29 AM