woostack-build
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and templates found no evidence of malicious patterns, obfuscation, or unauthorized data access.
- [COMMAND_EXECUTION]: The skill executes standard version control commands (Git worktrees, Graphite stacks) and invokes local helper scripts (e.g.,
resolve-base.sh). These operations are used to manage the project structure and development branches within the defined.woostack/directory. - [PROMPT_INJECTION]: The skill is designed to process external markdown files (specifications and 'wisdom' notes) which could theoretically contain instructions. This risk is effectively mitigated by mandatory manual approval steps (gates) defined in the procedure, ensuring the user reviews and approves all specifications and plans before any implementation occurs.
- [DATA_EXFILTRATION]: No suspicious network operations or unauthorized data transfers were identified. All network-adjacent actions (creating PRs) are part of the core functionality for feature development via Git/Graphite.
Audit Metadata