harness-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration references the official Harness MCP server package (@anthropic-ai/mcp-harness) which is sourced from a trusted organization.
- [COMMAND_EXECUTION]: Provides boilerplate Bash functions and Python classes designed to interact with the Harness and Jira APIs for legitimate automation tasks like merging PRs and triggering pipelines.
- [DATA_EXFILTRATION]: Facilitates necessary network communication with established domains including app.harness.io and atlassian.net. These operations are essential for the skill's primary function and do not involve sensitive local file access.
- [PROMPT_INJECTION]: An indirect injection surface is present as the skill ingests external content from pull request comments and Jira issues.
  - Ingestion points: harness_get_pull_request_activities and Jira sync workflows in SKILL.md.
  - Boundary markers: None explicitly defined for isolating external data within the prompt context.
  - Capability inventory: Includes high-privilege actions such as triggering pipelines, merging code, and updating ticketing status.
  - Sanitization: No demonstrated logic for filtering or escaping input from external comments before processing.
Audit Metadata