harness-diagnostics
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data from project files (e.g., CLAUDE.md, package.json) to generate reports.
- Ingestion points: Uses Read, Grep, and Bash to analyze content from multiple project files.
- Boundary markers: The instructions lack explicit delimiters or safety warnings to ensure the agent ignores potentially malicious instructions embedded within the files being scanned.
- Capability inventory: The skill utilizes Bash, Read, Grep, and Glob tools for filesystem exploration and content analysis.
- Sanitization: There is no evidence of content sanitization or validation before the data is processed by the model for diagnostic purposes.
- [COMMAND_EXECUTION]: The skill is configured with access to the Bash tool. Although the instructions specify using "read-only commands only", the underlying platform permission allows broader command execution, which could be exploited if the agent's logic is subverted through malicious file content.