fusion-dependency-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external data.
- Ingestion points: The skill reads pull request comments, review threads, upstream changelogs, and issue trackers (specified in
agents/research-advisor.md). - Boundary markers: Structured templates in
assets/research-template.mdandassets/verdict-template.mdare used to organize findings, although these do not replace sanitization. - Capability inventory: The agent has the ability to approve/merge pull requests and perform branch mutations like rebase and force-push via the GitHub MCP (defined in
SKILL.mdandagents/source-control-advisor.md). - Sanitization: All actions involving repository modification require explicit human maintainer confirmation, which is the primary defense against adversarial content.
- [COMMAND_EXECUTION]: The skill uses the GitHub MCP to perform sensitive source control operations.
- Evidence: The
agents/source-control-advisor.mdscript facilitates rebase and push operations on the PR branch. These high-privilege commands are associated with the skill's primary function and are explicitly gated by human confirmation.
Audit Metadata