harness-init-runner

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a runner in harness/run.mjs and a diagnostic tool in harness/doctor.mjs that execute external CLI commands (like claude or gemini) using the node:child_process spawn API. The specific commands and arguments are configurable by the user via the harness.config.json file.
  • [EXTERNAL_DOWNLOADS]: The initialization process adds the zod package (a well-known schema validation library) to the project's package.json and instructs the agent to run npm install to set up the environment.
  • [PROMPT_INJECTION]: The skill includes an 'Indirect Prompt Injection' surface where task text from the command line or standard input is interpolated into a prompt and passed to external tools. To mitigate this, it provides a 'human gate' mechanism (harness/lib/human-gate.mjs) that scans the task text for sensitive keywords (e.g., sudo, rm -rf, api-key) and warns the operator before execution.
  • [DATA_EXFILTRATION]: Execution artifacts, including task prompts and output logs, are stored locally in the /.harness/ directory. The skill explicitly adds this path to the project's .gitignore file to ensure that potentially sensitive runtime data is not accidentally committed to version control.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 02:02 AM