harness-engineering-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bun.spawn and Bun.spawnSync to execute local toolchain commands such as git, bun, npm, and gh for repository management, build, and test operations. These are controlled via project state and are primary to the skill's orchestration functionality.
  • [EXTERNAL_DOWNLOADS]: The skill references the official Bun installation script (https://bun.sh/install) to ensure the required runtime is available in the environment. This is a reference to a well-known service and is considered safe.
  • [PROMPT_INJECTION]: The skill implements a comprehensive safety model in references/safety-model.md, which defines a trust hierarchy and explicitly instructs agents to treat all external fetched content as untrusted data rather than instructions.
  • [CREDENTIALS_UNSAFE]: The skill features an automated 'Guardian' (G6) that scans for secret patterns (e.g., API keys, PATs) and blocks commits if they are detected in the source code. It also provides secure environment variable templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 03:18 AM