harness-audit
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate developer tool for codebase auditing and configuration improvement. It adheres to safety best practices, such as explicitly instructing the agent to avoid committing secrets and to use environment variables for sensitive data.
- [COMMAND_EXECUTION]: The skill utilizes standard development tools and shell commands (e.g., git, grep, find, npm, pytest) to perform repo analysis and verification. These operations are essential to its documented purpose and are performed within the local repository context.
- [EXTERNAL_DOWNLOADS]: The skill references well-known package registries (NPM, PyPI, Cargo) and official tool repositories (e.g., ruff, Biome, CodeRabbit) for setting up development workflows. These are trusted sources and do not constitute a security risk.
- [PROMPT_INJECTION]: The instructional language is direct and clear, using importance markers (e.g., 'Critical failures to flag') to guide the auditing logic without attempting to bypass AI safety guardrails or override system instructions.
Audit Metadata