create-pipeline
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes specialized MCP tools (
harness_create,harness_update,harness_get,harness_list) provided by theharness-mcp-v2server to manage pipeline resources on the Harness platform. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it parses untrusted data from local project files (e.g.,
package.json,go.mod,pom.xml, and existing CI/CD configurations) to automate pipeline generation. - Ingestion points: Metadata files and configuration scripts found within the user's codebase (documented in
references/codebase-analysis.md). - Boundary markers: The instructions do not define specific delimiters for parsed data but emphasize a "Clarify requirements" step to confirm auto-detected settings with the user.
- Capability inventory: Access to
harness_createandharness_updatewhich can modify remote pipeline configurations. - Sanitization: The skill relies on the agent's interaction with the user to validate detected settings before committing them to the Harness platform.
Audit Metadata