skills/zhangga/aihub/long-run-harness/Gen Agent Trust Hub

long-run-harness

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon instructions stored in task state files.
      • Ingestion points: The agent reads task descriptions, summaries, and acceptance criteria from task_list.json and progress.md (processed via scripts/harness_lib.py).
      • Boundary markers: Absent; task-level instructions are not separated from system instructions by specific delimiters or escape sequences.
      • Capability inventory: The agent is instructed to perform file modifications, git operations, and code analysis based on the content of the tasks.
      • Sanitization: No content-based sanitization or instruction filtering is applied to the data ingested from the state files.
  • [COMMAND_EXECUTION]: The skill's workflow instructions explicitly direct the agent to execute local Python scripts (scripts/init_harness.py, scripts/update_progress.py, scripts/check_next_task.py, scripts/verify_state.py) to manage task state transitions and validation logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 11:30 AM