fusion-skill-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill incorporates explicit safety constraints, strictly forbidding the agent from requesting or exposing secrets and credentials. It also limits modifications to the `skills/` directory.
- [COMMAND_EXECUTION]: The skill uses `npx -y skills add . --list` to validate that scaffolded skills are correctly formatted and discoverable within the repository. This is a standard development practice for managing repository-based tools using well-known package registries.
- [PROMPT_INJECTION]: The skill facilitates the generation of instructions from user input, which creates an indirect prompt injection surface. This risk is mitigated by enforcing validation rules for skill names and descriptions, including character limits and the exclusion of XML tags to prevent structural confusion.
Audit Metadata