autonomous-agent-harness

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill architecture is susceptible to Indirect Prompt Injection due to its design for autonomous data ingestion.
  • Ingestion points: Untrusted data enters the agent context through the "Autonomous PR Reviewer" (GitHub PRs), "Personal Research Agent" (Exa search results), and "Meeting Prep Agent" (calendar events/email threads).
  • Boundary markers: The provided prompt templates lack boundary markers or explicit instructions to treat external data as untrusted, increasing the risk of the agent obeying instructions embedded in external content.
  • Capability inventory: The agent has access to high-privilege capabilities including computer-use (browser and desktop control), TodoWrite (file system modification), and scheduled-tasks (creation of persistent cron jobs).
  • Sanitization: There is no evidence of sanitization, filtering, or validation of external data before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill configures official MCP servers from the @anthropic organization via NPM, specifically @anthropic/memory-mcp-server, @anthropic/scheduled-tasks-mcp-server, and @anthropic/computer-use-mcp-server.
  • [COMMAND_EXECUTION]: The harness utilizes claude -p for programmatic mode execution and npx for running MCP server commands, which involve local shell execution for agent orchestration.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 06:51 AM
Security Audit — agent-trust-hub — autonomous-agent-harness