harness-oia-audit

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the execution of the @claude-flow/cli package via npx from the NPM registry to manage memory namespaces. This is a standard operation for Node.js-based management tools.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run the harness command-line utility with various subcommands (oia-manifest, threat-model, mcp-scan) to analyze infrastructure and threat surfaces.
  • [PROMPT_INJECTION]: The skill provides an interface for auditing local project files, which constitutes an indirect prompt injection surface.
      • Ingestion points: The skill processes project files at the provided <path> using the harness tool suite.
      • Boundary markers: No specific delimiters or instructions to ignore embedded content are described in the skill definition.
      • Capability inventory: The skill possesses shell command execution capabilities via the Bash tool to perform its auditing tasks.
      • Sanitization: No explicit input sanitization or content filtering of the scanned files is documented, which is standard for static analysis tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 21, 2026, 04:12 PM