harness-evolve

Warn

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx -y @metaharness/darwin@~0.3.1 to download and execute code directly from the public npm registry at runtime.
  • [EXTERNAL_DOWNLOADS]: Fetches the @metaharness/darwin package from the npm registry during execution.
  • [COMMAND_EXECUTION]: Spawns a sub-process to run the metaharness-darwin evolve command using the Bash tool.
  • [DATA_EXFILTRATION]: Accesses the local file system to read repository contents and write evolution artifacts to the .metaharness/ subdirectory within the target repo.
  • [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection.
      • Ingestion points: Reads contents of the user-provided repository path (SKILL.md).
      • Boundary markers: None explicitly described to separate repository data from internal logic.
      • Capability inventory: Executes shell commands via npx and writes files to the local disk (scripts/evolve.mjs).
      • Sanitization: Relies on upstream safety-disqualified checks (exit code 99) to detect unsafe operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 25, 2026, 05:35 AM
Security Audit — agent-trust-hub — harness-evolve