harness-sslb
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill operates as a reasoning and workflow harness for software engineering. It uses a structured internal review process (Zhongshu, Shangshu, and the Six Boards) to analyze inputs and generate execution plans without external network calls or unauthorized privilege escalation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: User requirements, bug reports, and project source code (referenced in SKILL.md). Boundary markers: None identified. Capability inventory: Reads project files and writes Markdown plans and execution sheets (SKILL.md, workflow-kit.md). Sanitization: None. The skill attempts to mitigate this through an internal monitoring role (Jin-Yi-Wei) to verify logic and intent.
- [COMMAND_EXECUTION]: The skill logic includes instructions for reading and writing Markdown documentation within the local project directory (e.g., the plans/ folder). This file-system interaction is restricted to documentation purposes and is consistent with the primary functionality of the skill.
Audit Metadata