harness-genome

SUSPICIOUS: the stated purpose is coherent for a repo analysis skill, but its execution trust is weak because it relies on an unpinned `npx metaharness` command whose official publisher/distribution path was not verified and appears inconsistent with the project evidence found. No clear credential theft or malicious exfiltration is shown, but supply-chain risk is material.