sign-artifact

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill leverages official Harness MCP tools (harness_get, harness_update, harness_list) for pipeline management, which is the intended and authorized use case for this environment.
  • [SAFE]: Security guardrails are explicitly defined in the interaction model, specifically Rule 10, which prohibits the autonomous execution of pipelines (harness_execute), ensuring human-in-the-loop validation.
  • [SAFE]: The "Surgical YAML" requirement (Rule 20) prevents the agent from making unauthorized or broad changes to the pipeline configuration, limiting the impact to only the requested Artifact Signing step.
  • [SAFE]: Secret management follows best practices by using Harness file secret references (e.g., account.cosign_private_key) rather than hardcoded credentials or plaintext input.
  • [SAFE]: No instances of obfuscation, remote code execution, or unauthorized data exfiltration to external domains were found.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 15, 2026, 12:57 AM
Security Audit — agent-trust-hub — sign-artifact