harness-engineering-playbook
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The 'scripts/harness_wizard.py' utility executes local bash scripts ('scripts/bootstrap_harness.sh' and 'scripts/audit_harness.sh') via 'subprocess.run' to handle repository setup and validation tasks.
- [REMOTE_CODE_EXECUTION]: The provided harness templates for linting, testing, and smoke checks (located in 'assets/templates/scripts/harness/') pass environment variables such as 'HARNESS_LINT_CMD' to the shell builtin 'eval'. Whatever string those variables hold is therefore executed as a command in the execution environment.
- [COMMAND_EXECUTION]: The 'scripts/bootstrap_harness.sh' script performs local file system operations, including creating directories, copying templates, and modifying the project's 'Makefile'.
- [PROMPT_INJECTION]: The skill's audit functionality creates an indirect prompt injection surface by reading and evaluating text from files within the target repository.
  - Ingestion points: Files like 'AGENTS.md' and 'PLANS.md' are read using 'grep' in 'scripts/audit_harness.sh' during the validation workflow.
  - Boundary markers: The audit logic does not include explicit markers or instructions to ignore embedded agent commands in the files being processed.
  - Capability inventory: The skill has capabilities for file system modification and local command execution.
  - Sanitization: While the skill resolves repository paths, it does not sanitize the content of the audited files for malicious prompt instructions.
- [SAFE]: The skill includes documentation references to engineering guidelines and architectural practices from well-known technology organizations and OpenAI.
Audit Metadata