fusion-skill-self-report-bug
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external workflow failure context, which presents an indirect prompt injection surface.
- Ingestion points: Failing command strings, environment context, and observed error/output evidence as specified in the
SKILL.mdinstructions. - Boundary markers: The skill utilizes a structured markdown template (
assets/issue-templates/skill-workflow-failure-bug.md) but lacks explicit delimiters or instructions to treat gathered evidence purely as data to prevent agent interpretation of embedded commands. - Capability inventory: The skill is capable of writing local files to the
.tmp/directory and performing GitHub issue mutations (creation, labeling, assignment) via MCP tools. - Sanitization: The instructions rely on user-driven manual redaction of sensitive data within the template rather than automated sanitization of ingested content.
- [DATA_EXFILTRATION]: The skill collects and transmits execution context and error logs to GitHub. This risk is mitigated by a draft-first workflow and a mandatory requirement for explicit user confirmation before any external state changes or data transmissions occur.
Audit Metadata