harness
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill contains a script `scripts/sync-upstream-harness.sh` that fetches numerous markdown files and templates from an untrusted external repository at `raw.githubusercontent.com/revfactory/harness/main`. While these files are documentation, they serve as the ground truth for the skill's generation logic.
- [REMOTE_CODE_EXECUTION]: The provided `scripts/install.sh` script instructs the system to download and install the skill from the external `revfactory/harness` repository directly into the global skill configuration directory (~/.claude/skills).
- [COMMAND_EXECUTION]: Several bundled shell scripts, including `bootstrap-harness.sh` and `validate-harness.sh`, are executed to perform project scaffolding and integrity checks on generated agent definitions.
- [PROMPT_INJECTION]: The skill has a significant vulnerability surface for indirect prompt injection. It is designed to read and analyze user codebases to identify domains and task types (documented in `SKILL.md` Step 1). Malicious instructions embedded in the analyzed codebase could influence the generation of agent roles and orchestration logic.
  - Ingestion points: `SKILL.md` (Step 1: Domain Analysis) specifies reading the codebase or user request to identify roles.
  - Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions found within the analyzed data.
  - Capability inventory: The skill utilizes powerful tools including `Bash`, `Write`, `Edit`, `Agent`, and `TeamCreate` across its operation and the templates it generates.
  - Sanitization: Absent. No filtering or validation of the content extracted from the analyzed codebase is performed before it is interpolated into agent definitions.
Audit Metadata