fusion-help-api
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical reference for the Fusion Help REST API, covering discovery, authentication, and CRUD operations for help articles, FAQs, and release notes.
- [SAFE]: All network operations and base URLs target official vendor domains (
fusion.equinor.com,fusion-dev.net) or well-known services (Azure AD, Discovery service). - [SAFE]: Integration patterns provided for React, C#, and Python use standard, reputable libraries (e.g.,
azure-identity,requests) and follow best practices by utilizingDefaultAzureCredentialrather than hardcoded secrets. - [SAFE]: The skill includes clear security and authorization guidance, noting that administrative actions require specific roles and providing the necessary Azure AD resource identifiers for different environments.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from the Help API which constitutes a potential surface for indirect prompt injection.
- Ingestion points: REST API responses from
/articles,/faqs, and/release-notes(documented inreferences/api-endpoints.md). - Boundary markers: Absent; the instructions do not specify the use of delimiters when the agent processes help content.
- Capability inventory: The skill allows the agent to generate code for network operations (REST calls) and provide information on managing help content.
- Sanitization: Server-side validation rules are documented for write operations, though no client-side sanitization of retrieved markdown content is explicitly required in the integration patterns.
Audit Metadata