fusion-issue-solving
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted content from GitHub issue bodies, labels, and linked discussions.
  - Ingestion points: GitHub issue body, labels, and discussions (Instruction 2 in SKILL.md).
  - Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions embedded within the issue content, nor to use clear delimiters to isolate the untrusted data.
  - Capability inventory: The skill can create git worktrees, modify repository files, execute validation commands (shell), and perform GitHub API mutations such as creating/editing PRs or closing issues (Instructions 1, 7, 8, 10 in SKILL.md).
  - Sanitization: Absent. There are no instructions for sanitizing or validating the content retrieved from GitHub before it influences the agent's planning or execution.
- [COMMAND_EXECUTION]: The skill involves executing repository-specific validation commands and performing file system operations.
  - The instructions require the agent to run 'targeted checks' and 'required project checks' (Instruction 8 in SKILL.md).
  - Safety mitigations are included, such as an explicit constraint stating 'Never run destructive commands without explicit confirmation' and requiring user confirmation for GitHub mutations (Instruction 10 in SKILL.md).