agent-harness
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a legitimate and transparent architecture for agent-driven development. It focuses on orchestration and quality rubrics without introducing hidden or malicious behaviors.
- [DATA_EXPOSURE]: The skill reads common project metadata files such as package.json, README.md, and CLAUDE.md during the initialization phase (/harness setup). This access is intended for project context discovery and stack detection, conforming to standard development tool behaviors.
- [INDIRECT_PROMPT_INJECTION]: The skill operates a development loop where agents ingest and process potentially untrusted data from the local project environment.
  - Ingestion points: Project configuration files (package.json), documentation (README.md), and user-provided feature descriptions in SKILL.md (via /harness build).
  - Boundary markers: The agent templates in references/agents/ do not define specific delimiters or isolation markers for external input.
  - Capability inventory: The Generator agent possesses file-system write and git commit capabilities. The Evaluator agent is instructed to use CLI tools, browser automation (Playwright), and API clients to test the generated implementation.
  - Sanitization: No explicit input validation or prompt escaping is performed on the data processed by the sub-agents.
  - Assessment: While these components represent an attack surface for indirect prompt injection, the risk is inherent to the intended primary purpose of building a self-evaluating development harness.
Audit Metadata