office-hours
YC Office Hours — two modes. Startup mode: six forcing questions that expose demand reality, status quo, desperate specificity, narrowest wedge, observation, and future-fit. Builder mode: design thinking brainstorming for side projects, hackathons, learning, and open source. Saves a design doc. Use when asked to "brainstorm this", "I have an idea", "help me think through this", "office hours", or "is this worth building". Proactively invoke this skill (do NOT answer directly) when the user describes a new product idea, asks whether something is worth building, wants to think through design decisions for something that doesn't exist yet, or is exploring a concept before any code is written. Use before /plan-ceo-review or /plan-eng-review. (gstack)
Security
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). This skill explicitly runs WebSearch and a browse/setup flow (see "Phase 2.75: Landscape Awareness" which asks to "search for what the world thinks" and read the top results), opens arbitrary public URLs (e.g., "open https://garryslist.org/..."), and even downloads third-party install scripts via curl in the SETUP step—all of which cause the agent to fetch and interpret untrusted public web content that can influence decisions and tool use.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill's SETUP step conditionally runs a one-shot installer that downloads and executes remote code (curl -fsSL "https://bun.sh/install" -o "$tmpfile" && BUN_VERSION="$BUN_VERSION" bash "$tmpfile"), so https://bun.sh/install is fetched and executed at runtime and thus directly enables runtime behavior.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes many explicit shell commands that read/write files in the user's home and repo (mkdir/touch/echo, git add/commit, git rm), run installers and local binaries (curl bun install, gstack setup, codex/codex-exec), and change local configs/telemetry — so it directly instructs the agent to modify machine state (even though it doesn't request sudo or edit system files).
- Repository
- garrytan/gstack
- Commit
db9447c
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.