generate-slsa
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by the platform vendor (Harness) and uses official MCP tools for pipeline management. It follows a controlled wizard-based interaction model.
- [PROMPT_INJECTION]: No malicious instruction overrides or safety bypass attempts were detected in the skill instructions or reference materials.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or sensitive files are accessed. The skill correctly utilizes Harness file secret references for attestation keys.
- [DATA_EXFILTRATION]: Network activity is confined to the official Harness platform through the MCP server; no external data exfiltration patterns were identified.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts. It generates YAML for the Harness platform to process, which is the intended functionality.