woostack-debug
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted inputs like error logs and stack traces.
  - Ingestion points: Error messages, logs, and stack traces processed in Phase 1 and Phase 3 of the debugging workflow.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for the ingested diagnostic data.
  - Capability inventory: The skill has the capability to read local files and execute existing repository tests or commands.
  - Sanitization: No sanitization process or validation logic is described for the processed data.
  - Remediation: Wrap external content in delimiters and provide explicit instructions for the agent to ignore any commands or instructions found within diagnostic data.
- [COMMAND_EXECUTION]: The skill requires the agent to execute existing repository tests and commands in Phase 3 to verify debugging hypotheses. It also invokes a local workspace script named recall.sh, which is part of the vendor-provided woostack-init toolset, to retrieve project context.