harness-engineering-playbook
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides template shell scripts designed to be installed into target repositories that utilize the eval command to execute arbitrary shell instructions stored in environment variables.
  - Evidence: .skills/harness-engineering-playbook/assets/templates/scripts/harness/lint.sh contains eval "$HARNESS_LINT_CMD".
  - Evidence: .skills/harness-engineering-playbook/assets/templates/scripts/harness/smoke.sh contains eval "$HARNESS_SMOKE_CMD".
  - Evidence: .skills/harness-engineering-playbook/assets/templates/scripts/harness/test.sh contains eval "$HARNESS_TEST_CMD".
  - Evidence: .skills/harness-engineering-playbook/assets/templates/scripts/harness/typecheck.sh contains eval "$HARNESS_TYPECHECK_CMD".
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by automatically discovering and executing commands defined within untrusted repository configuration files.
  - Ingestion points: Target repository configuration files including package.json, Cargo.toml, and pyproject.toml are parsed to determine execution logic.
  - Boundary markers: No boundary markers or 'ignore' instructions are used when processing these external configurations.
  - Capability inventory: The skill enables execution of npm run, cargo check, pytest, and other toolchains through its harness scripts.
  - Sanitization: No sanitization or validation is performed on the command strings or script names extracted from the target repository's configuration files before they are passed to the shell for execution.
Audit Metadata