harness
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `@membranehq/cli` package from the official npm registry. This is the vendor's own command-line tool used to facilitate service interactions.
- [COMMAND_EXECUTION]: The skill utilizes shell commands via the `membrane` CLI to perform lifecycle operations such as authentication (`membrane login`), resource discovery (`membrane search`), and action execution (`membrane action run`). These are standard operational commands for the intended use case.
- [PROMPT_INJECTION]: The skill processes external data from the Harness API, which presents a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through the output of commands like `membrane action list` and `membrane request` (documented in SKILL.md).
  - Boundary markers: Absent; the instructions do not specify delimiters for data returned from external API calls.
  - Capability inventory: The skill provides capabilities to execute API actions (`membrane action run`) and perform arbitrary HTTP requests via the proxy (`membrane request`) as documented in SKILL.md.
  - Sanitization: No explicit sanitization or validation logic is defined for data retrieved from the Harness platform before it is presented to the agent.
Audit Metadata