harness
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI via the official NPM registry (
@membranehq/cli). This is a standard procedure for this vendor's tools. - [COMMAND_EXECUTION]: The skill utilizes shell commands to manage authentication (
membrane login), create connections (membrane connect), and execute integration actions. These commands are scoped to the vendor's management platform. - [INDIRECT_PROMPT_INJECTION_SURFACE]: The skill ingests data from external Harness environments through its actions. This creates a potential surface for indirect prompt injection if malicious data is present in the Harness environment being processed, though no specific exploits are present in the skill code itself.
- [DYNAMIC_EXECUTION]: The skill includes functionality to dynamically create and build new actions (
membrane action create). This is a core feature of the Membrane platform and is used to extend the integration's capabilities on the fly.
Audit Metadata