woostack-review
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches audit utilities and best-practice guidelines from trusted organizations and well-known registries. It downloads impeccable and react-doctor via npx from the public npm registry, and fetches security and database audit rubrics using the GitHub CLI from official repositories of OpenAI and Supabase.
- [PROMPT_INJECTION]: The skill implements a secure pipeline for processing untrusted pull request data (code diffs and comments) with a well-defined evidence chain for mitigation.
  - Ingestion points: Untrusted PR comment bodies and diff content enter the agent context in scripts/load-prompt.sh and scripts/prefetch.sh.
  - Boundary markers: Present. The skill employs explicit XML-style tags and cryptographically random heredoc delimiters in scripts/load-prompt.sh to isolate untrusted data and prevent escape attempts.
  - Capability inventory: Orchestrator and sub-agents have access to shell execution, file system access, and GitHub API interactions, but risk is mitigated through isolated execution contexts.
  - Sanitization: Present. A sanitize_untrusted function in scripts/load-prompt.sh removes control characters and potential escape tags from user-supplied comments.
Audit Metadata