gstack Retro

What to consider before installing or running this skill: - Persistence mismatch: The description promises persistent history/trend tracking but the skill has no install or storage instructions. If you expect history to be saved, ask the author how/where data will be stored and what credentials are needed to write that storage. - Working directory safety: The SKILL.md assumes it's run in the repository root. Run it only from a checked-out repo root, or modify the instructions to verify presence of .git and to cd into the intended repo before running commands. Otherwise commands like find . could scan unintended directories. - Network/credential usage: git fetch origin main will contact the repo remote and may use existing SSH keys or credential helpers. Ensure the environment it runs in has the intended remote and permissions; do not run it in environments where private keys or wide network access could be abused. - Review outputs before sharing: The commands extract author names, emails (git config user.email is called) and full commit messages — these can contain sensitive info. Treat the generated retro as potentially sensitive and avoid uploading it to third-party services without consent. - If you need persistent tracking: require the skill to include an explicit storage option (local file path, configured database or object store) and to declare any required env vars/credentials for that store. Alternatively run the provided commands locally and collect/store results under your control. If you want, I can produce a safer version of the SKILL.md that: validates current directory is a git repo, limits find . to repository files only, avoids fetching remotes unless confirmed, and documents where persistent data would be stored and what credentials would be required.