woostack-tdd

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses gh pr diff and git diff to analyze pull requests and local code changes. It also instructs the agent to use standard shell commands like bash -n and grep to perform verification tasks in environments without a formal test runner.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it processes untrusted data from external sources (PR diffs, existing source code) and has the capability to execute commands and write files.
  • Ingestion points: Untrusted content is ingested via the output of the gh pr diff command and by reading local source files or project artifacts located in .woostack/specs/ and .woostack/plans/.
  • Boundary markers: There are no specific instructions or delimiters provided to isolate ingested content or prevent the agent from following instructions embedded within that data.
  • Capability inventory: The skill allows writing to the local file system and execution of shell commands (git, gh, bash, grep).
  • Sanitization: The skill does not implement validation or sanitization of the external content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 08:29 PM
Security Audit — agent-trust-hub — woostack-tdd