using-woostack
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that mandate the agent to treat external, project-specific data as authoritative and binding.
  - Ingestion points: The agent is instructed to read the root `AGENTS.md` file and follow its "woostack section as binding project policy."
  - Boundary markers: There are no defined delimiters or instructions to ignore embedded malicious prompts within the `AGENTS.md` file.
  - Capability inventory: While this specific skill is primarily for routing, it directs the agent to load other skills with significant capabilities, such as `woostack-execute` (code execution), `woostack-init` (workspace modification), and `woostack-build` (feature construction).
  - Sanitization: The skill lacks any mechanisms for sanitizing or validating the content of the `AGENTS.md` file before it is adopted as binding policy.
- [PROMPT_INJECTION]: The skill contains explicit override markers that prioritize the `AGENTS.md` file over all other instructions, including "generic agent defaults."
Audit Metadata