woostack-sweep

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various CLI tools including git, gt (Graphite), and gh (GitHub) to automate branch management, PR review checks, and code submission.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it retrieves and processes untrusted data from external PRs.
      • Ingestion points: PR comments and descriptions are ingested via the gh tool in SKILL.md.
      • Boundary markers: The skill does not define specific delimiters to separate untrusted PR data from its internal instruction logic.
      • Capability inventory: The skill can modify the local filesystem (via the woostack-address-comments skill) and push changes to remote repositories (gt submit), creating a path for malicious data to influence the codebase.
      • Sanitization: No explicit sanitization or validation of the ingested PR content is performed.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with GitHub to fetch PR metadata and branch state. These operations target a well-known service and are necessary for the skill's stated functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 15, 2026, 04:06 PM
Security Audit — agent-trust-hub — woostack-sweep