create-agent
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill references official Harness container images and integrates with trusted services like AWS Bedrock and GitHub Copilot.
- [SAFE]: It correctly utilizes Harness platform secrets for authentication instead of hardcoding credentials.
- [PROMPT_INJECTION]: The skill defines agents that ingest untrusted data, which presents a surface for indirect prompt injection attacks.
  - Ingestion points: Agents are instructed to read from the repository filesystem and metadata files like INFO.md.
  - Boundary markers: The agent task instructions do not include delimiters or specific guidance to ignore embedded instructions in the processed data.
  - Capability inventory: Generated agents are equipped with powerful capabilities including shell command execution, file system access, and GitHub integration tools.
  - Sanitization: There is no evidence of sanitization or input validation for the data ingested by the agents.
Audit Metadata