fusecore
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill contains a mandatory workflow directive in
SKILL.mdthat instructs the AI agent to orchestrate specialized sub-agents using theTeamCreatetool. This is a prescriptive instruction for the agent's operational logic. - [COMMAND_EXECUTION]: The templates and guides provided in the skill (e.g.,
creating-module.md,SKILL.md) suggest the use of standard development commands likemkdir,php artisan, andcomposerto manage the modular monolith structure. - [PROMPT_INJECTION]: The modular architecture involves an auto-discovery mechanism that parses
module.jsonfiles from the filesystem (references/module-discovery.md), creating a surface for indirect prompt injection. - Ingestion points:
module.jsonfiles located within the/FuseCore/directory. - Boundary markers: None specified in the provided documentation or templates.
- Capability inventory: The agent is expected to use file system tools, execute CLI commands, and spawn other agents.
- Sanitization: The documentation does not describe any validation or sanitization for the contents of the discovery files.
- [NO_CODE]: The skill is composed exclusively of documentation and templates in Markdown format, with no executable logic or scripts included.
Audit Metadata