fusion-issue-solving
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from GitHub.
  - Ingestion points: The agent is instructed to read the issue body, labels, and linked discussions (found in SKILL.md, Step 2).
  - Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the ingested data.
  - Capability inventory: The skill can execute git commands, write files to the system (Step 8), run arbitrary validation commands (Step 7), and perform GitHub API mutations such as closing issues or creating PRs (Step 9).
  - Sanitization: No sanitization, escaping, or validation of the external content is required before interpolation into the workflow.
- [COMMAND_EXECUTION]: The workflow involves the execution of validation and project checks, which are inherently command execution tasks.
  - Evidence: Step 7 of the instructions requires the agent to run targeted checks and required project checks.
  - Mitigation: The skill includes a clear safety constraint: 'Never run destructive commands without explicit confirmation,' which helps manage the risk of these operations.