fusion-issue-task-planning
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill has an inherent attack surface because it ingests untrusted data from external sources (GitHub issue descriptions and acceptance criteria) to generate task plans.
  - Ingestion points: Step 2 (Research the user story) in SKILL.md gathers title, body, and acceptance criteria from GitHub issues.
  - Boundary markers: The skill does not define explicit boundary markers for the ingested content, though it uses structured templates for output.
  - Capability inventory: The skill can initiate the creation and linking of multiple GitHub issues via the fusion-issue-authoring sub-agent.
  - Sanitization: The risk is mitigated by the 'Safety & constraints' section, which mandates explicit same-turn user confirmation before any mutation and requires a 'Status: Awaiting user approval' state.
- [COMMAND_EXECUTION]: The skill utilizes Model Context Protocol (MCP) tools (e.g., mcp_github) to interact with the GitHub API. This interaction is scoped to the tool's defined capabilities and the user's provided permissions.