create-template
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the creation of Harness templates that can execute shell commands via user-provided runtime inputs (using the
<+input>syntax). - Ingestion points: User-provided parameters and descriptions during the template generation process described in SKILL.md.
- Boundary markers: The instructions lack specific guidance for the agent to use delimiters or security warnings when interpolating user input into template commands.
- Capability inventory: The skill uses the
harness_createandharness_updateMCP tools to write these generated templates to the external Harness platform. - Sanitization: There is no mention of sanitization or validation of the content provided by users before it is placed into executable fields like
commandwithin the templates.
Audit Metadata