harness-engineer

Warn

Audited by Socket on May 1, 2026

2 alerts found:

Anomaly, Security

Anomaly: LOW
skills/harness-onboard/SKILL.md

SUSPICIOUS. The skill's behavior mostly matches its stated onboarding purpose, but it grants a session-starting agent broad autonomous execution over a local repository, including mandatory execution of an unverified repo-local init.sh, file mutation, and commits. No clear exfiltration or credential harvesting is present, so this is not malware, but it is a medium-risk automation skill with notable trust and autonomy concerns.

Confidence: 85%
Severity: 64%

Security: MEDIUM
skills/harness-init/SKILL.md

SUSPICIOUS: the visible scaffold behavior mostly matches the stated harness-init purpose, and no external exfiltration or credential harvesting is shown. However, the undocumented `../../install.sh` and hook payloads create a significant trust gap, and the skill auto-installs dependencies, runs repo scripts, modifies Claude settings, and commits changes without strong verification.

Confidence: 84%
Severity: 74%

Audit Metadata

Analyzed At: May 1, 2026, 10:52 PM
Package URL: pkg:socket/skills-sh/lauraflorentin%2Fskills-marketplace%2Fharness-engineer%2F@a2d314d06ae085c2ab2e2050e62b0b5aea16373e