gstack
Fail
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The framework's setup process fetches and executes the Bun runtime installer from bun.sh. This is a well-known service, and the installation is verified via a hardcoded SHA-256 checksum to ensure integrity.
- [REMOTE_CODE_EXECUTION]: Includes a dedicated skill for delegating code reviews and adversarial challenges to the OpenAI Codex CLI. This allows an external AI system to execute commands and analyze the repository code independently.
- [COMMAND_EXECUTION]: Makes extensive use of shell commands for local project management, including project state logging, git operations, and environment configuration. It includes a safety mode designed to warn users about destructive commands.
- [DATA_EXFILTRATION]: Implements an opt-in telemetry system that transmits anonymous usage statistics, such as skill names and durations, to Supabase. This telemetry is disabled by default and requires explicit user consent.
- [PROMPT_INJECTION]: Automated detection flagged steering instructions within CHANGELOG.md and preamble sections. These appear to be standard operational guidelines for the agent to follow when using different versions of the tool and are not malicious in nature.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata