fusion-rule-author
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest content from external repository files (e.g., README.md, package.json, documentation) to generate coding rules. Although the workflow includes a manual review step (Step 6) before writing files to disk, the ingestion process does not utilize explicit boundary markers or delimiters to isolate untrusted content from the agent's instructions.
- Ingestion points: SKILL.md (Step 2) identifies numerous documentation and configuration files for scanning.
- Boundary markers: No specific boundary markers or 'ignore' instructions are used during the data collection phase.
- Capability inventory: The skill performs file system writes (SKILL.md Step 7) to create rule files in the .github/, .cursor/, or .claude/ directories.
- Sanitization: The process relies on Step 6 ('Review and refine') which mandates human approval of drafted content before the final write operation.
Audit Metadata