skills/ruvnet/ruflo/harness-score/Gen Agent Trust Hub

harness-score

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill relies on npx to fetch and execute the metaharness package from the npm registry. This involves downloading and running external code that is not bundled with the skill itself.
  • [COMMAND_EXECUTION]: The skill uses a subprocess to invoke npx metaharness score <path> --json. While the allowed-tools field restricts it to Bash, the use of a user-supplied <path> as an argument to a shell command presents a risk of command injection if the implementation in scripts/score.mjs (which is not provided for review) fails to properly sanitize the input.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from a local repository path (<path>) and processes it using the metaharness tool.
      • Ingestion points: The tool reads content from a user-provided directory path.
      • Boundary markers: The instructions mention no explicit markers telling the agent to ignore instructions embedded within the scanned files.
      • Capability inventory: The skill can execute subprocesses and output data that Claude Code uses for subsequent decisions.
      • Sanitization: There is no evidence in the markdown file that the output of metaharness or the input path is sanitized before being used in the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 18, 2026, 06:39 PM