woostack-commit

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill intentionally sends staged diffs/command results to an external "fast" subagent and executes repo-provided shell pre_commit hooks, creating deliberate data-exfiltration and supply-chain/remote-code-execution risks.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s workflow uses a fast-subagent to draft PR title/body by passing “any existing PR title/body that should be preserved” into the subagent; that PR body is outsider-authored free text from GitHub (via gh pr view --json ...body...), which the subagent then includes in LLM context for rewriting.