Skills
skills/peachsolution/peach-harness/peach-setup-harness/Gen Agent Trust Hub

peach-setup-harness

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses local environment configuration files.
  • Evidence: In SKILL.md, it reads api/env.local.yml to identify database providers and configuration. This file often contains sensitive credentials.
  • [COMMAND_EXECUTION]: The skill performs automated file deletions.
  • Evidence: Step 5 includes commands to delete .cursor/rules/ directories and the .cursorrules file to transition the project to the new harness system.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
  • Ingestion points: Reads content from CLAUDE.md and AGENTS.md in Step 1.
  • Boundary markers: None identified in the workflow.
  • Capability inventory: Shell command execution (ls, grep, cat, rm, mkdir) and file write access.
  • Sanitization: Content from project files is used to determine project state without explicit sanitization.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 04:57 AM