create-connector
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified within the skill's instructions or templates.
- [EXTERNAL_DOWNLOADS]: The skill references the 'harness-mcp-v2' server. This external dependency is owned by the author (Harness) and is used as the execution environment for the connector lifecycle management.
- [COMMAND_EXECUTION]: Utilizes MCP tools 'harness_create' and 'harness_execute'. These tools are restricted to the domain of Harness resource management and do not provide access to the underlying system shell.
- [PROMPT_INJECTION]: The skill contains logic to ingest user-provided data (e.g., URLs, identifiers) to populate YAML configurations. This creates a surface for indirect prompt injection. Ingestion points: User-provided values for connector YAML (SKILL.md). Boundary markers: Absent. Capability inventory: 'harness_create' and 'harness_execute' tools (SKILL.md). Sanitization: Absent. The risk is considered minimal given the structured output and specialized tool set.
Audit Metadata