harness
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically identifies and executes local project commands for linting, testing, and type-checking (e.g.,
npm run lintorpytest) during the 'Phase 4: Validate' step to verify the generated harness.\n- [REMOTE_CODE_EXECUTION]: During 'Phase 3: Engineering Output', the skill generates new executable structural tests in TypeScript or Python based on detected project patterns. These scripts are written to the local filesystem and subsequently executed by the agent to verify architectural invariants.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted codebase data during the 'Automated Scan' phase.\n - Ingestion points: The skill reads project files, directory structures, and import graphs from the local repository in Phase 0.\n
- Boundary markers: There are no explicit delimiters or 'ignore' instructions used to isolate the scanned codebase content from the agent's logic and internal instructions.\n
- Capability inventory: The agent has the ability to write new files to the codebase (Phase 3) and execute arbitrary system commands via the project's detected toolchain (Phase 4).\n
- Sanitization: No sanitization or validation of the scanned content is mentioned before it is used to generate questions for the user or to create documentation and engineering changes.
Audit Metadata