fuse-skills
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `npx skills` CLI to perform operations such as listing and adding skill packages.
- [EXTERNAL_DOWNLOADS]: It fetches remote agent skills from GitHub repositories provided by the user using the `npx skills add` command.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted text from source skills during the fusion process.
  - Ingestion points: Remote repositories fetched via CLI and local files located in `.agents/skills/`.
  - Boundary markers: Absent; the instructions do not provide delimiters or warnings to prevent the agent from executing instructions found within the source skills.
  - Capability inventory: Includes shell execution capabilities via `npx`, file system write access for generating new skills, and network connectivity.
  - Sanitization: Absent; the skill does not perform validation or sanitization of ingested content before processing.
Audit Metadata