harnass-engineer-final-audit
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute local scripts (`harnass-os/scripts/agent-guard.py`) and standard ecosystem tools like `forge`, `hardhat`, and `anchor` based on the detected project stack. While these commands are directed at local auditing tools, the ability to spawn subprocesses based on repository configuration is a sensitive capability.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it incorporates data from the repository being audited directly into its processing logic.
  - Ingestion points: The agent reads from project files including `harnass-os/Audit.md`, `harnass-os/documents/inventory/current-state.yaml`, and the repository's source code and configuration files.
  - Boundary markers: The instructions do not define delimiters or specific 'ignore' commands to prevent the LLM from obeying instructions embedded within the files being audited.
  - Capability inventory: The skill possesses the capability to execute shell commands via `Bash` and write or edit files in the `harnass-os/` directory.
  - Sanitization: No evidence was found of input validation or escaping of repository data before it is used to determine the agent's actions or parameters for command execution.
Audit Metadata