harness-platform
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include adding a Helm repository and installing delegates from 'app.harness.io'. This is a well-known service associated with the Harness platform, and the download is part of the standard administrative setup for the skill's purpose.
- [COMMAND_EXECUTION]: The skill utilizes 'kubectl' and 'curl' for infrastructure management and API testing. These operations are performed against official platform endpoints and local Kubernetes clusters as expected for administrative tasks.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists within the 'Notify Slack' template example, which interpolates a variable into a shell script.
  - Ingestion points: Data passed to Harness templates (e.g., via the '<+input>' placeholder) which the agent may process or generate.
  - Boundary markers: No specific delimiters or safety instructions are provided in the template examples to prevent the interpolation of malicious shell commands or control characters.
  - Capability inventory: The skill allows 'Bash' and 'WebFetch' tools, which could be leveraged if untrusted data is executed within a script context.
  - Sanitization: The provided examples do not demonstrate sanitization of the input variable before it is placed into the shell script 'curl' command.