The Agent Skills Directory

[COMMAND_EXECUTION]: The skill generates a custom CLI (available in TypeScript and Bash variants) that automates developer tasks. These scripts utilize standard system commands (e.g., execSync, spawn, git, npm, uv, cargo) to manage repository state, install dependencies, and run validation suites.
[PROMPT_INJECTION]: The framework is designed to enable 'Autonomous Mode' for AI agents. It provides configuration templates (.claude/settings.json, .codex/config.toml) that explicitly pre-approve shell commands and disable standard manual approval policies. This is a core functionality intended to facilitate multi-step autonomous development loops.
[PROMPT_INJECTION]: The project architecture creates a surface for 'Indirect Prompt Injection' by design. AI agents are instructed to treat repository files like docs/PLAN.md and docs/progress.json as authoritative sources for their next tasks. If a malicious actor were to modify these files (e.g., through a Pull Request), they could potentially influence the agent's actions within the project environment.

harness-engineer-cli