fusion-dependency-review
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external content from GitHub pull requests.
- Ingestion points: The skill fetches and analyzes PR metadata, descriptions, top-level comments, and review threads as part of its research phase (defined in SKILL.md and agents/research-advisor.md).
- Boundary markers: The instructions do not define clear delimiters or specific instructions for the agent to disregard commands embedded within the fetched PR content.
- Capability inventory: The skill possesses significant capabilities through the GitHub MCP, including the ability to post comments, approve pull requests, merge branches, and perform git operations like rebasing and force-pushing.
- Sanitization: There is no mention of sanitizing or escaping the PR data before it is passed to the various lens advisors for analysis, which could allow an attacker to influence the review verdict or trigger unauthorized actions.
Audit Metadata