development-harness
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically executes shell commands defined as templates in 'Quality Gate' sections of language manifests (e.g., format, lint, typecheck, and test commands). These commands are executed from the project root using a string substitution pattern (`{files}`).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through project-local configuration. According to the 'Role Resolution Protocol', the harness searches for manifests at `.claude/language-manifest.md` within the project root. An attacker-controlled repository could provide a malicious manifest that overrides standard tools or agents, leading to arbitrary command execution when an agent activates the harness on that project.
- [DATA_EXPOSURE]: The skill performs extensive scanning of the project root for environment markers and configuration files (such as `pyproject.toml`, `package.json`, `Cargo.toml`, and `go.mod`) to detect project context. This ingestion of untrusted file metadata and content is used to influence subsequent command execution and agent routing.
Audit Metadata