analyze-costs
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard implementation of the Harness CCM service integration. It defines instructions for the agent to interact with the vendor's official MCP server using approved tools like
harness_getandharness_list. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external cloud provider billing and recommendation systems via the Harness platform, which represents a potential surface for indirect prompt injection. This is a low-risk architectural observation given the trusted nature of the data source and the restricted scope of the tool capabilities.
- Ingestion points: Cloud cost summaries, breakdowns, and recommendations retrieved via
harness_getandharness_listtools inSKILL.md. - Boundary markers: The skill does not implement specific delimiters or instructions to ignore instructions embedded within the retrieved billing data.
- Capability inventory: The skill is primarily focused on data retrieval, with the additional capability to report feedback on anomalies using the
harness_executetool. - Sanitization: No explicit sanitization or validation of external tool outputs is requested within the instructions.
Audit Metadata