create-sbom
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill implements an interactive workflow that ingests untrusted data, representing a potential indirect prompt injection surface.
  - Ingestion points: Free-text inputs for pipeline identifiers (Phase 1), image references, and repository URLs (Phase 8) are collected from the user. Additionally, the skill reads existing pipeline YAML using the harness_get tool (Phase 1).
  - Boundary markers: The generated YAML for the SscaOrchestration step does not appear to use specific boundary markers or 'ignore' instructions when interpolating these user-provided strings.
  - Capability inventory: The skill possesses the capability to modify remote configurations via the harness_update MCP tool. Across the provided scripts, capabilities include file system access and network operations (implicit in the Harness MCP tools).
  - Sanitization: No explicit validation or escaping logic for the user-supplied strings is defined in the instruction set before they are included in the harness_update payload.