create-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a codebase analysis feature that reads and processes various local files (such as package.json, Dockerfile, and requirements.txt) to auto-configure CI/CD pipelines. This pattern creates an attack surface for indirect prompt injection, where malicious instructions embedded in project files could influence the agent's behavior during YAML generation.
- Ingestion points: Multiple project files identified in 'references/codebase-analysis.md' (e.g., package.json, go.mod, requirements.txt, Dockerfile, etc.) are used as input for configuration detection.
- Boundary markers: While the skill does not specify technical delimiters for the ingested data, it includes a procedural instruction in 'SKILL.md' (Step 2) requiring the agent to 'Confirm detected settings with the user' and 'ask about anything that couldn't be auto-detected' before proceeding.
- Capability inventory: The skill uses MCP tools 'harness_create' and 'harness_update' (as documented in 'SKILL.md') to create or modify executable CI/CD pipelines on the remote Harness platform.
- Sanitization: No specific data sanitization or escaping protocols are mandated in the instructions for the text extracted from project files.
Audit Metadata