harness-mcp-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). At runtime the workflow shells npx -p metaharness@latest harness mcp-scan <path> --json, which fetches and runs an external package/tool and then ingests its findings[].message (free-form text) into the agent/CI context via the script’s JSON/markdown output; this is outsider-authored content from a public registry–sourced tool.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes "npx -p metaharness@latest harness mcp-scan …", which at runtime fetches and executes the metaharness package from the npm registry (e.g. https://registry.npmjs.org/metaharness), so remote code is downloaded and executed and is required for the skill to run.