harness-update
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell scripts, including template-tracker.sh and codex-setup-local.sh. These scripts are located in the user's home directory or in a path defined by the CLAUDE_PLUGIN_ROOT environment variable. Running scripts from variable-dependent paths is a security risk if the environment is not strictly controlled.
- CREDENTIALS_UNSAFE (MEDIUM): The skill reads, modifies, and creates backups of .claude/settings.json. This configuration file is a known location for agent permissions, execution hooks, and potentially sensitive environment data. The creation of timestamped backups in .claude-code-harness/backups/ increases the risk of sensitive data exposure if the backup directory is not properly secured.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests and processes content from project files that could be controlled by an external party.
  - Ingestion points: Plans.md, AGENTS.md, CLAUDE.md, and .claude/settings.json are read and processed during the update flow.
  - Boundary markers: Absent. The skill processes the contents of these files directly, without delimiters that would guard against instruction injection.
  - Capability inventory: The skill uses the Bash, Write, and Edit tools to modify the project environment and execute local scripts.
  - Sanitization: Absent. The script uses procedural tools such as sed and jq for merging data; these provide no protection against maliciously crafted natural-language instructions within the project files.
Audit Metadata