Skip to main content

review

Pre-landing PR review. Analyzes diff against main for SQL safety, LLM trust boundary violations, conditional side effects, and other structural issues.

76/100

Security score

The review skill was audited on Mar 16, 2026 and we found 12 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

low line 22

Command substitution pattern

SourceSKILL.md
20
21```bash
22_UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true)
23[ -n "$_UPD" ] && echo "$_UPD" || true
24mkdir -p ~/.gstack/sessions
low line 26

Command substitution pattern

SourceSKILL.md
24mkdir -p ~/.gstack/sessions
25touch ~/.gstack/sessions/"$PPID"
26_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
27find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true
28_CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true)
low line 28

Command substitution pattern

SourceSKILL.md
26_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
27find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true
28_CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true)
29```
30
low line 22

Access to home directory dotfiles

SourceSKILL.md
20
21```bash
22_UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true)
23[ -n "$_UPD" ] && echo "$_UPD" || true
24mkdir -p ~/.gstack/sessions
low line 24

Access to home directory dotfiles

SourceSKILL.md
22_UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true)
23[ -n "$_UPD" ] && echo "$_UPD" || true
24mkdir -p ~/.gstack/sessions
25touch ~/.gstack/sessions/"$PPID"
26_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
low line 25

Access to home directory dotfiles

SourceSKILL.md
23[ -n "$_UPD" ] && echo "$_UPD" || true
24mkdir -p ~/.gstack/sessions
25touch ~/.gstack/sessions/"$PPID"
26_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
27find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true
low line 26

Access to home directory dotfiles

SourceSKILL.md
24mkdir -p ~/.gstack/sessions
25touch ~/.gstack/sessions/"$PPID"
26_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
27find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true
28_CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true)
low line 27

Access to home directory dotfiles

SourceSKILL.md
25touch ~/.gstack/sessions/"$PPID"
26_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
27find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true
28_CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true)
29```
low line 28

Access to home directory dotfiles

SourceSKILL.md
26_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
27find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true
28_CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true)
29```
30
medium line 31

Access to home directory dotfiles

SourceSKILL.md
29```
30
31If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/gstack/gstack-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with 4 options, write snooze state if declined). If `JUST_UPGRADED <from> <to>`: tell user "Running gstack v{to} (just updated!)" and continue.
32
33## AskUserQuestion Format
medium line 52

Access to home directory dotfiles

SourceSKILL.md
50**NOT gstack issues:** user's app bugs, network errors to user's URL, auth failures on user's site.
51
52**To file:** write `~/.gstack/contributor-logs/{slug}.md` with this structure:
53
54```
medium line 72

Access to home directory dotfiles

SourceSKILL.md
70```
71
72Then run: `mkdir -p ~/.gstack/contributor-logs && open ~/.gstack/contributor-logs/{slug}.md`
73
74Slug: lowercase, hyphens, max 60 chars (e.g. `browse-snapshot-ref-gap`). Skip if file already exists. Max 3 reports per session. File inline and continue — don't stop the workflow. Tell user: "Filed gstack field report: {title}"
Scanned on Mar 16, 2026
View Security Dashboard