Skills
skills/ruvnet/claude-flow/harness-bench/Gen Agent Trust Hub

harness-bench

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute metaharness-darwin CLI commands. It passes user-supplied repository and suite paths directly into shell commands (metaharness-darwin bench create <repo>). While this is the intended functionality, it relies on the underlying agent or script to handle shell argument sanitization.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the @metaharness/darwin package. This resource is associated with the vendor's own namespace and is used for its stated purpose of managing benchmark suites.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data by reading a repository's test corpus to generate benchmark suites. There is a theoretical surface where malicious instructions in a processed repository could influence the generated JSON suite, which is subsequently used as a source of truth for downstream scoring tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 05:35 AM
Security Audit — agent-trust-hub — harness-bench