astro-islands
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's mandatory workflow requires the agent to ingest data from external sources via research and documentation query tools (
fuse-ai-pilot:research-expertandmcp__context7__query-docs). This creates an indirect prompt injection surface where malicious content from the web or third-party documentation could influence the implementation logic provided by the agent.\n - Ingestion points: Workflow steps in
SKILL.mdmandate usingfuse-ai-pilot:research-expert(web research) andmcp__context7__query-docs(documentation retrieval) to guide the implementation.\n - Boundary markers: The instructions do not specify any delimiters or warnings to ignore potentially malicious embedded instructions within the fetched external data.\n
- Capability inventory: The agent has the capability to implement code (
TeamCreate,fuse-ai-pilot:explore-codebase) and perform validation (fuse-ai-pilot:sniper) based on the ingested content.\n - Sanitization: No explicit sanitization, validation, or filtering of the external content is described in the skill's instructions.
Audit Metadata