woostack-bootstrap
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses various command-line tools for project initialization and verification. This includes npx (e.g., create-next-app), cargo, uv, npm view, and build/test runners like turbo, vitest, and biome. These operations are core to the skill's purpose and are intended to be executed in the local development environment.
- [EXTERNAL_DOWNLOADS]: The skill performs lookups and downloads from well-known package registries including npm, PyPI, crates.io, and Go's module proxy. These are used to resolve and install the latest stable versions of dependencies for the user-selected stack. As these target well-known services, they are documented as neutral operations.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where untrusted data could influence agent behavior.
  - Ingestion points: User goal input (SKILL.md) and registry metadata from npm/PyPI lookups (references/frameworks.md).
  - Boundary markers: The agent is instructed to use a targeted questionnaire to clarify goals and must receive explicit user sign-off before any scaffolding occurs.
  - Capability inventory: The skill executes CLI scaffolding tools, manages file system layout, and runs build/test pipelines (references/bootstrap.md).
  - Sanitization: Relies on the presentation of stack options for human review and approval (references/decisions.md) before execution.
Audit Metadata