setup-harness

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard shell commands including find, grep, and git to analyze the repository structure and extract architectural patterns.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from the repository and writes it into documentation files that are subsequently used to guide other AI agents.
      • Ingestion points: Source code, directory structures, and file contents are read across the repository in the 'Discovery Phase' and 'Pattern Discovery' steps.
      • Boundary markers: Discovered patterns and code snippets are interpolated into documentation templates (ARCHITECTURE.md, docs/code-structure.md, etc.) without delimiters or warnings to ignore embedded instructions.
      • Capability inventory: The skill uses the Write tool to create and modify multiple files including ARCHITECTURE.md, QUALITY_SCORE.md, and .claude/CLAUDE.md.
      • Sanitization: No sanitization or validation is performed on the patterns or class names extracted via grep before they are added to the documentation layer.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 03:49 PM