harness-initializer

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (init.sh) and PowerShell scripts (init.ps1) as part of the project initialization process. It uses chmod +x to ensure the script is executable before running it.
  • [PROMPT_INJECTION]: The skill processes an external Application Specification document to generate project tasks. This creates an indirect prompt injection surface where untrusted data from the specification could influence the agent's behavior during task creation.
      • Ingestion points: The skill calls find_documents to read the Application Specification in SKILL.md.
      • Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the prompt templates.
      • Capability inventory: The skill can execute shell commands (./init.sh), perform git operations, and manage tasks/documents in the Archon system.
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the specification content before it is used for task generation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 11:09 AM