fusion-issue-authoring

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill utilizes a local temporary directory (.tmp/) and session memory to cache repository labels and assignee candidates. These artifacts are used to optimize performance and respect API rate limits. No hardcoded credentials or sensitive local file accesses were detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from workspace files such as CONTRIBUTING.md and repository issue templates to determine routing and structure. While this ingestion represents a potential attack surface for indirect prompt injection, the risk is mitigated by the mandatory human-in-the-loop review gate, which requires explicit user approval of all drafts before any mutation occurs.
  • [COMMAND_EXECUTION]: The skill is designed to interact with the GitHub API through MCP tools and the GitHub CLI (gh). These interactions are limited to the intended functionality of creating and updating issues and are subject to the user's existing authentication and explicit confirmation requirements.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 08:28 AM