harness-engineering

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scaffolding script and generated hook scripts (context-injector.py) utilize subprocess.check_output to execute git commands for branch and commit history discovery.
  • [PROMPT_INJECTION]: The framework implements an automated context injection mechanism (Category 8) that is vulnerable to indirect prompt injection.
      • Ingestion points: Reads content from docs/specs/, docs/contracts/, and feature_list.json.
      • Boundary markers: Injects data using simple text headers like "Project context:" without strong delimiters or instructions to ignore nested directives.
      • Capability inventory: The framework explicitly permits extensive agent capabilities, including file editing and shell execution.
      • Sanitization: External file content is interpolated directly into the prompt without escaping or validation.
  • [DYNAMIC_EXECUTION]: The scaffolding script uses __import__ to dynamically load the datetime module for date substitution in templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 02:48 AM