fusion-backend-dev
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides detailed guidance and architectural patterns for using Equinor's Fusion backend services. All mentioned domains (equinor.com, microsoftonline.com, azure.net) are trusted or well-known services.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. The skill actively promotes security best practices by instructing developers to use Azure Key Vault and `dotnet user-secrets` for sensitive information management.
- [INDIRECT_PROMPT_INJECTION]: The skill uses user input to search for code reference implementations using the `mcp_fusion_search_backend_code` tool. This represents a potential surface for indirect injection, though the impact is limited by the skill's capabilities.
  - Ingestion points: User queries in `SKILL.md` used to trigger searches.
  - Boundary markers: Absent; user intent is passed directly to the search tool.
  - Capability inventory: The agent only has access to the `mcp_fusion_search_backend_code` tool for code discovery; no file-system write or network-exfiltration capabilities are listed.
  - Sanitization: No explicit sanitization or input validation is defined in the instructions for the search tool.
- [REMOTE_CODE_EXECUTION]: No patterns of downloading and executing arbitrary remote code were detected. All described execution patterns (MediatR handlers, async processing) refer to legitimate backend implementation strategies.
Audit Metadata