fusion-issue-authoring

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill enforces a mandatory human-in-the-loop review process (Step 5 and Step 7) before any state-changing operations are performed on GitHub repositories.
  • [EXTERNAL_DOWNLOADS]: All external references are directed toward official GitHub infrastructure or well-known Copilot MCP endpoints, which are considered trusted sources.
  • [COMMAND_EXECUTION]: The use of the GitHub CLI (gh api) and MCP tools is restricted to repository management tasks and includes explicit instructions for the user to confirm commands before execution.
  • [DATA_EXPOSURE]: Caching of repository labels and assignee candidates is performed locally in .tmp/ or within session memory, aligning with standard practices for reducing API overhead without exposing sensitive data.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data such as existing issue content and repository contributor guides. However, the risk is mitigated by explicit boundary markers (drafting to files) and the requirement for user verification of all generated drafts before publication.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 08:40 AM