fusion-issue-solving
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from GitHub issues to drive its implementation workflow.\n
- Ingestion points: External data enters the agent context when reading issue bodies, labels, and linked discussions (SKILL.md, Instructions Step 2).\n
- Boundary markers: The skill lacks explicit instructions to wrap issue content in delimiters or use 'ignore embedded instructions' markers.\n
- Capability inventory: The skill has the ability to execute 'validation commands' and 'required project checks' (SKILL.md, Instructions Step 8) and writes PR-ready output to local files in the .tmp/ directory.\n
- Sanitization: There is no mention of sanitizing or escaping the fetched issue content before the agent interprets it as part of the implementation plan.\n- [COMMAND_EXECUTION]: The skill requests and executes validation commands provided by the repository or user.\n
- Evidence: SKILL.md instructs the agent to run targeted and project-wide checks as part of the validation step. While necessary for the skill's function, this provides a mechanism for executing code influenced by potentially malicious instructions found in an issue description.
Audit Metadata