fusion-dependency-review
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it is designed to ingest and analyze untrusted external data.
- Ingestion points: The workflow fetches PR metadata, descriptions, top-level comments, and review threads via the GitHub MCP ('references/instructions.md' and 'agents/research-advisor.md').
- Boundary markers: The instructions do not specify the use of clear delimiters or 'ignore instructions' warnings when processing this external content.
- Capability inventory: The agent has permissions to merge, approve, and rebase pull requests via GitHub MCP, as well as create tasks through the 'fusion-issue-authoring' skill.
- Sanitization: There is no evidence of automated sanitization or filtering of the ingested PR content before analysis.
- [SAFE]: The skill implements strong operational security controls by requiring explicit human confirmation before any approval, merge, or rebase action ('SKILL.md').
- [SAFE]: The instructions include clear prohibitions against the exposure of secrets, tokens, or other sensitive credentials in comments or logs.
- [SAFE]: All repository and network interactions are restricted to the authorized GitHub MCP environment and the vendor's internal tooling. No patterns of unauthorized data exfiltration or remote code execution were found.
Audit Metadata