skills/ruvnet/ruflo/harness-evolve/Gen Agent Trust Hub

harness-evolve

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y to download the @metaharness/darwin package from the NPM registry at runtime. This package is not from a recognized trusted organization or a well-known service.
  • [REMOTE_CODE_EXECUTION]: The use of npx -y with the @metaharness/darwin@~0.3.1 package allows for the execution of remote code on the host machine. Furthermore, the skill's primary function is to generate and execute code variants in a sandbox to find optimal policy configurations, which involves dynamic code generation and execution.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to invoke the metaharness-darwin CLI and manage the evolution process via shell commands.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it mutates agent policy configurations based on the contents of an external repository provided via the --repo argument.
      • Ingestion points: File contents from the local repository specified in the --repo path.
      • Boundary markers: No specific boundary markers or instructions are defined to prevent the agent from being influenced by malicious instructions embedded in the repository being analyzed.
      • Capability inventory: The skill utilizes shell command execution (Bash) and remote package installation (NPX).
      • Sanitization: No logic is described for sanitizing or validating the repository content before it is used to drive the policy mutation process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 22, 2026, 06:00 PM