mb-harness
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructs the agent to perform environment setup using git worktree and execute arbitrary shell commands for build, test, and lint processes.
- [EXTERNAL_DOWNLOADS]: Recommends the use of mb-garden to provision the repository with linting scripts. This tool is a vendor-owned resource associated with the author.
- [PROMPT_INJECTION]: References a non-existent AI model version (gpt-5.2) in the assets/codex-config.toml file, which may misrepresent agent capabilities or target environment settings.
- [PROMPT_INJECTION]: Creates a surface for indirect prompt injection by instructing agents to follow command sequences defined in local documentation.
  - Ingestion points: AGENTS.md and .memory-bank/testing/index.md.
  - Boundary markers: None. Instructions are not delimited from potential attacker-controlled data.
  - Capability inventory: Shell command execution and Playwright-based browser automation.
  - Sanitization: None specified for the commands loaded from the repository harness.
Audit Metadata