fusion-package-scribe
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted repository data to generate documentation.
  - Ingestion points: The skill reads various configuration and source files from the repository, including `package.json`, `tsconfig.json`, `biome.json`, repository-level instructions in `.github/instructions/`, TypeScript source files (`.ts`, `.tsx`), and existing `README.md` files (see `SKILL.md` Steps 1 and 4).
  - Boundary markers: The instructions do not define explicit delimiters or use specific boundary markers to isolate the ingested repository content from the agent's internal instructions.
  - Capability inventory: The skill has file system read/write permissions and uses the Git CLI to stage and commit documentation changes (see `SKILL.md` Step 6).
  - Sanitization: No sanitization or validation of the content read from the repository is performed before it is used to generate or improve TSDoc and README documentation.