fusion-github-review-resolution
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted pull request review comments from GitHub while maintaining significant repository permissions.
- Ingestion points: scripts/get-review-comments.sh and assets/pull-request-review-threads.graphql fetch untrusted comment bodies and thread history from the GitHub API.
- Boundary markers: The skill lacks explicit boundary markers or delimiters in its instructions to isolate external comment content from the agent's system instructions.
- Capability inventory: The agent has extensive capabilities, including reading local files, editing source code, executing validation commands, creating commits, and pushing to remote branches.
- Sanitization: No programmatic sanitization or escaping of external comment data is performed; the skill relies entirely on the agent's manual 'research and judge' phase to identify and ignore malicious or incorrect feedback.
Audit Metadata