woostack-execute-overnight

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function is to execute instructions from markdown files located in .woostack/plans/ unattended.
      • Ingestion points: The agent reads and processes plan files from .woostack/plans/<plan-path>.
      • Boundary markers: The skill includes explicit instructions for a 'Pre-flight' review where the agent must critically review the plan for gaps and safety violations before starting. It states 'safety is never relaxed for autonomy' and 'destructive / secret-touching / auth-mutating / network steps' must never be auto-approved.
      • Capability inventory: The agent can perform Git operations (commits, branch creation, worktree management), file writes (to .woostack/overnight/), and spawn sub-agents for reviews via woostack-review.
      • Sanitization: The skill relies on an internal reasoning loop ('Pre-flight review') to identify and refuse malicious or 'doomed' plans before execution begins.
  • [COMMAND_EXECUTION]: The skill includes shell scripts for testing that execute other files based on naming patterns.
      • Evidence: The file scripts/tests/run-tests.sh contains a loop for t in test-*.sh; do bash "$t"; done which executes any script in the directory matching the test- prefix. This is a common pattern for test runners but represents a mechanism for executing local files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 17, 2026, 02:36 PM