CtrlK
BlogDocsLog inGet started
Tessl Logo

health

Code quality dashboard. Wraps existing project tools (type checker, linter, test runner, dead code detector, shell linter), computes a weighted composite 0-10 score, and tracks trends over time. Use when: "health check", "code quality", "how healthy is the codebase", "run all checks", "quality score". (gstack)

Invalid
This skill can't be scored yet
Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →
SKILL.md
Quality
Evals
Security

Security

2 findings — 1 critical severity, 1 high severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E004: Prompt injection detected in skill instructions

What this means

Detected a prompt injection in the skill instructions. The skill contains hidden or deceptive instructions that fall outside its stated purpose and attempt to override the agent’s safety guidelines or intended behavior.

Why it was flagged

Potential prompt injection detected (high risk: 0.80). The skill contains explicit, non-dashboard actions (persisting/updating CLAUDE.md, committing/removing vendored files, changing telemetry/proactive/gbrain sync settings, auto-touching config files, and logging/sending telemetry) that modify repo/config state and can cause data movement — behavior outside the stated "produce dashboard and recommendations only" purpose.

Report incorrect finding
High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 1.00). The skill reads and echoes local config/remote values (e.g., the brain remote URL from ~/.gstack-brain-remote.txt and other home-config fields) and prints them verbatim in its output, which can expose embedded credentials or tokens if those files/URLs contain them.

Report incorrect finding
Repository
garrytan/gstack
Commit

db9447c

Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill