fusion-skill-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill functions as a generator that processes user-supplied requirements to create instructions and metadata for new skills, which constitutes a surface for indirect prompt injection.
  - Ingestion points: User input regarding skill purpose, activation cues, and expected outputs gathered during the scaffolding process in SKILL.md and agents/scoper.md.
  - Boundary markers: The skill uses a structured template for the generated SKILL.md file but does not implement specific delimiters or escaping for user-supplied strings within the generated instructions.
  - Capability inventory: The agent is empowered to write files to the repository and execute validation commands (such as linters or catalog-specific scripts) mentioned in SKILL.md Step 6.
  - Sanitization: The skill includes explicit validation rules for metadata fields, such as enforcing kebab-case for names and character limits for descriptions, which serves as a basic sanitization layer.
- [SAFE]: No malicious patterns or suspicious behaviors were detected in the skill's own code or instructions. It follows established best practices for skill authoring.
- [REMOTE_CODE_EXECUTION]: The instructions explicitly forbid the use of remote-code execution patterns, specifically warning against scripts that use 'download-and-run' methods.
- [DATA_EXFILTRATION]: The skill includes a 'Safety & constraints' section that explicitly prohibits hidden network access and the harvesting of secrets or credentials.