harness

Warn

Audited by Socket on Apr 26, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The harness purpose is coherent, and it does not introduce obvious credential theft or off-platform exfiltration. However, it intentionally feeds locally stored skill instructions into a general-purpose subagent with Bash/Write/Agent access and then runs project build scripts, creating meaningful prompt-injection and transitive execution risk disproportionate for a generic test harness unless the tested skills and repo are fully trusted.

Confidence: 84%
Severity: 64%

Audit Metadata

Analyzed At: Apr 26, 2026, 09:57 PM
Package URL: pkg:socket/skills-sh/even-realities%2Feverything-evenhub%2Fharness%2F@8e2df5b690b0470715e139a18a75ec8dda6a4db1