harness-engineer-cli

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a management script (scripts/harness.ts) that uses execSync to perform various shell operations, including git and package manager commands.
  • [COMMAND_EXECUTION]: Instructions and configuration templates (.claude/settings.json, .codex/config.toml) guide the user to disable security approval prompts for specific shell command patterns, enabling an 'Auto Mode' that allows the agent to execute code autonomously.
  • [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection surface (Category 8) as it is designed to ingest and process untrusted data from existing codebases (Retrofit mode) and external web research (Greenfield mode).
  • [PROMPT_INJECTION]: Ingestion Points: Project files (package.json, src/) in Retrofit mode and web search results in Greenfield mode.
  • [PROMPT_INJECTION]: Boundary Markers: Includes a set of 'Iron Rules' to define behavioral constraints.
  • [PROMPT_INJECTION]: Capability Inventory: Execution of shell commands (git, package managers), file system read/write, and network access for research.
  • [PROMPT_INJECTION]: Sanitization: No evidence of sanitization for external project data or research content before processing.
  • [EXTERNAL_DOWNLOADS]: The project templates reference numerous development dependencies and linter plugins to be installed from the NPM registry.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 9, 2026, 03:14 PM