harness
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and project updates from the vendor's official GitHub repository (github.com/revfactory/harness) using curl and git clone. This occurs during installation and documentation synchronization.
- [COMMAND_EXECUTION]: Local shell scripts are used to scaffold project directories, write manifest files, and perform validation checks on the generated agent and skill file structures. These operations are restricted to the local filesystem.
- [PROMPT_INJECTION]: As a framework that generates agent instructions from user-provided domain requirements, the skill has a potential surface for indirect prompt injection. The skill addresses this by utilizing structured templates and encouraging the implementation of distinct input/output protocols for generated agents.
Audit Metadata