harness-mcp
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-generated pull request activities via harness_get_pull_request_activities (see "Get PR Activities (Comments, Reviews)" and the "Sync PR Comments to Jira" example) and uses those comments/reviews to create Jira comments and drive PR-to-Jira transitions. Untrusted third-party PR/comment content is therefore read and can materially influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The MCP server runtime configuration runs remote code with "npx -y @anthropic-ai/mcp-harness", which fetches the package from the npm registry (https://www.npmjs.com/package/@anthropic-ai/mcp-harness) and executes it. This is a required runtime dependency that will execute remote code and can directly control agent behavior.