harness-engineering-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's environment validation logic in scripts/setup/core.ts and references/runtime/validation/env-and-guardians.ts provides remediation guidance to install the Bun runtime using curl -fsSL https://bun.sh/install | bash on Unix systems and a corresponding PowerShell command on Windows. These commands target bun.sh, which is an established technology domain for the Bun project.
- [COMMAND_EXECUTION]: The orchestration runtime uses Bun.spawn across several modules (e.g., references/runtime/validation/helpers.ts, references/runtime/atomic-commit.ts) to execute system commands, including git operations and project-specific toolchain commands such as typecheck, lint, build, and test. This behavior is essential for the skill's primary purpose of repo-backed orchestration.
- [PROMPT_INJECTION]: The skill implements 'Guardian G11' (Prompt Injection Defense), which specifically instructs agents to treat external content (fetched URLs, API responses, or pasted text) as low-trust data rather than instructions. It also recognizes the attack surface for indirect prompt injection through the parsing of project documentation. Ingestion points: docs/PRD.md and the docs/prd/ directory. Boundary markers: present (Markdown headings). Capability inventory: subprocess execution of git and toolchain commands. Sanitization: regex-based extraction of task data.
- [CREDENTIALS_UNSAFE]: The skill incorporates proactive credential safety through 'Guardian G6' (Secret Prevention). The logic in references/runtime/validation/helpers.ts defines regex patterns to detect and block the committing of API keys (e.g., sk-...), Bearer tokens, and GitHub Personal Access Tokens (ghp_...) within the source code.
- [SAFE]: The skill demonstrates high security maturity by implementing 12 persistent Guardians that enforce quality and safety constraints throughout the delivery loop. It provides clear documentation for security policies and remediation steps for any validation failures.
Audit Metadata