eval-harness-updater

Warn

Audited by Socket on Mar 3, 2026

1 alert found:

Anomaly: LOW
SKILL.md

The artifact's intended purpose (automating evaluation harness updates based on research) is reasonable for improving test coverage and SLO gating. However, its declared permissions and mandatory behaviors create multiple supply-chain and data-exfiltration risks: the combined ability to fetch remote content, write to memory/files, execute shell commands, and invoke/instantiate new skills allows an agent to introduce unvetted code and leak internal context without human oversight. Immediate mitigations should include restricting or removing Bash execution, gating any skill installation or code-write behind human approval, whitelisting research sources and destinations, redacting memory reads, and adding artifact provenance verification. Without such controls, treat this artifact as a moderate-to-high security risk for autonomous use.

Confidence: 98%
Severity: 55%

Audit Metadata
Analyzed At: Mar 3, 2026, 03:00 AM
Package URL: pkg:socket/skills-sh/oimiragieo%2Fagent-studio%2Feval-harness-updater%2F@1a730be56950c52ef21ad6953880031d42037ab3