harness-plan

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it processes untrusted data from web search results and repository history to generate plans and update status.
    • Ingestion points: Output from the WebSearch tool, content of Plans.md, outputs from git log, and the .claude/state/agent-trace.jsonl file.
    • Boundary markers: The instructions do not define delimiters or specific safety instructions to disregard commands embedded in the processed data.
    • Capability inventory: The skill has access to Write, Edit, and Bash tools, which allow for extensive file manipulation and system command execution.
    • Sanitization: No explicit validation or sanitization of the external or repository-sourced data is described before processing.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local shell commands for auditing the current project state.
    • Evidence: Uses commands such as git status, git diff, git log, cat, tail, and jq to extract information for synchronization.
    • Internal state access: Reads operational metadata from .claude/state/agent-trace.jsonl and writes memory records to the .claude/agent-memory/ directory.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 12:13 PM