harness-score

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime the required workflow shells out to npx metaharness score <path> --json, which fetches/executes a package from the public npm registry and ingests its CLI output JSON into the agent context (outsider-authored free text/structured output from a third-party package).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill shells out at runtime to "npx metaharness score …", which will fetch and execute package code from the npm registry (e.g. https://registry.npmjs.org/metaharness), so remote code is executed as a required dependency.