woostack-address-comments

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted review comments fetched from GitHub, creating a surface for indirect prompt injection.
    • Ingestion points: Untrusted comment bodies are retrieved via scripts/fetch-threads.sh and stored for analysis in $OUTDIR/address-threads.json.
    • Boundary markers: The instructions do not define specific structural delimiters or strict sanitization for comment content when presented to the model.
    • Capability inventory: The skill possesses capabilities to modify code, perform git operations, and post GitHub comments.
    • Sanitization: Comment data is evaluated without predefined sanitization or filtering.
  • [COMMAND_EXECUTION]: The skill executes local bash scripts and the GitHub CLI to perform its functions.
    • Scripts include prefetch.sh, fetch-threads.sh, resolve-thread.sh, and memory-record.sh.
    • It utilizes git and gh for repository management.
    • All high-impact operations are gated behind a mandatory user approval step.
  • [EXTERNAL_DOWNLOADS]: Pull request threads and metadata are fetched from GitHub's official API.
    • Data retrieval is performed using authenticated gh api graphql calls to a trusted service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 08:29 PM
Security Audit — agent-trust-hub — woostack-address-comments