agent-harness
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands for environment scaffolding and for generating unique task identifiers. Its defensive configuration templates explicitly deny dangerous commands such as 'rm', 'mv' and 'chmod' to prevent accidental or malicious file-system modification.
- [PROMPT_INJECTION]: As an orchestration framework, the skill necessarily handles untrusted external data (user goals and subagent outputs), which is an indirect prompt-injection surface. The design mitigates this with strict role separation (for example, the Evaluator has no tool access), iterative validation loops, and required human confirmation before self-improvement (evolution) updates are applied.
- [DATA_EXFILTRATION]: The framework manages file access and strongly recommends path guarding: it instructs users and agents to scope write permissions to specific working directories and provides schema patterns that deny access to sensitive environment variables and credential files.
- [SAFE]: The skill is a well-structured architectural pattern for agentic workflows. It prioritizes security by design, with clear guidance on subagent trust, tool aliasing, and use of platform-native controls such as 'toolsSettings' for granular access control.
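The three controls the findings describe (a command deny list, write scoping to a working directory, and denial of credential files and sensitive environment variables) as one policy module, written here as an added example. This is not code from the agent-harness skill or from the audit: the denied command names 'rm', 'mv' and 'chmod' come from the findings above, while the policy format, the function names, the lists of sensitive file names and variable prefixes, the separator handling and the `/tmp/agent-work` directory are assumptions made for illustration.

```python
"""Policy checks for a shell tool in an agent harness.

Added example, not code from the agent-harness skill or from the audit. The
denied command names ('rm', 'mv', 'chmod'), the working-directory scoping and
the denial of credential files and sensitive environment variables come from
the audit findings; everything else here is an assumption for illustration.
"""
import os
import shlex
from pathlib import Path

# Commands the audited configuration template denies.
DENIED_COMMANDS = frozenset({"rm", "mv", "chmod"})
# Assumed: shell operators that separate one simple command from the next.
SEPARATORS = frozenset({"|", "||", "&&", ";", "&", "|&"})
# Assumed: names and prefixes treated as credentials for this demo.
DENIED_FILENAMES = frozenset({".env", ".netrc", "credentials", "id_rsa"})
DENIED_ENV_PREFIXES = ("AWS_", "GITHUB_", "OPENAI_", "ANTHROPIC_")
# Assumed working directory the agent is scoped to.
WORKDIR = Path("/tmp/agent-work")


def simple_commands(cmdline: str):
    """Yield each simple command of a shell line as a token list, so that
    'ls && rm -rf build' and 'cat a | chmod 777 b' expose their second half
    instead of only the first word being inspected."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    segment = []
    for tok in lexer:
        if tok in SEPARATORS:
            if segment:
                yield segment
            segment = []
        else:
            segment.append(tok)
    if segment:
        yield segment


def check_command(cmdline: str):
    """Return (allowed, reason). Every token of every simple command is
    compared by basename, so '/bin/rm', 'sudo rm' and 'env X=1 mv' are all
    caught; an argument that merely happens to be named 'rm' is denied too,
    which is the conservative side for a deny list."""
    try:
        segments = list(simple_commands(cmdline))
    except ValueError as exc:  # unbalanced quotes: refuse rather than guess
        return False, f"unparseable command line: {exc}"
    for segment in segments:
        for tok in segment:
            name = os.path.basename(tok)
            if name in DENIED_COMMANDS:
                return False, f"denied command: {name}"
    return True, "ok"


def path_allowed(workdir: Path, raw_path: str):
    """Resolve '..' and symlinks, then require the target to stay inside
    workdir and not be a credential file. The resolved path is checked, not
    the string, so 'src/../../etc/passwd' and absolute paths are rejected."""
    root = workdir.resolve()
    target = (root / raw_path).resolve()
    if target != root and root not in target.parents:
        return False, f"outside working directory: {target}"
    if target.name in DENIED_FILENAMES or target.name.startswith(".env"):
        return False, f"credential file: {target.name}"
    return True, "ok"


def scrub_env(env: dict) -> dict:
    """Drop variables whose names mark them as credentials before a tool
    subprocess inherits the environment."""
    return {k: v for k, v in env.items() if not k.startswith(DENIED_ENV_PREFIXES)}


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the skill or the audit.
    for line in ("grep -rn TODO src | sort",
                 "ls -la && rm -rf build",
                 "sudo /bin/chmod 777 deploy.sh",
                 'echo "unterminated'):
        print(f"{line!r:40} -> {check_command(line)}")
    for p in ("src/main.py", "src/../../etc/passwd", ".env", "/etc/passwd"):
        print(f"{p!r:40} -> {path_allowed(WORKDIR, p)}")
    print(scrub_env({"PATH": "/usr/bin", "AWS_SECRET_ACCESS_KEY": "x"}))
```

A name-based deny list only stops the commands it names: the same deletion is reachable through an interpreter (`python -c "import shutil; ..."`) or a different utility, so it is a guard against accidents rather than a security boundary. The path scoping and credential-file denial are checked on resolved paths and hold regardless of which command is run, which is why the audit's recommendation to scope write permissions, together with a platform-level allowlist such as 'toolsSettings', carries the real weight.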
Audit Metadata