configuring-your-harness
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the configuration of shell command hooks through the add_hook.py script. These hooks allow the harness to execute arbitrary commands in response to specific lifecycle events such as PreToolUse or Stop.
- [EXTERNAL_DOWNLOADS]: The documentation includes instructions for using curl to communicate with the Letta API at api.letta.com. These operations are used for managing server-side agent settings like name, description, and model configuration.
- [PROMPT_INJECTION]: The skill's hook system introduces a surface for indirect prompt injection. Prompt-based hooks can process and interpolate untrusted data from tool inputs or session context into prompts for LLM evaluation.
  - Ingestion points: add_hook.py input arguments and runtime tool/session data processed by hooks.
  - Boundary markers: Example configurations in references/hooks.md lack explicit boundary markers or sanitization for interpolated variables like $ARGUMENTS.
  - Capability inventory: The skill allows defining both shell command execution and prompt-based logic that can influence agent behavior and decision-making.
  - Sanitization: Input provided to the configuration scripts is stored without sanitization or validation against malicious patterns.
Audit Metadata