trace-analyzer
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute specific git operations and a local Node.js script (
.harness/scripts/harness-report.mjs). These actions are used to generate reports based on repository state and are limited to the local harness environment.\n- [PROMPT_INJECTION]: The skill processes untrusted telemetry and diff data, creating a potential surface for indirect prompt injection.\n - Ingestion points: Files under
.harness/eval/results/,.harness/telemetry.jsonl, and the output ofgit diff.\n - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present.\n
- Capability inventory: The skill has access to
Read,Grep,Glob,git, and localnodescript execution.\n - Sanitization: No explicit validation or filtering of the ingested telemetry content is defined.\n- [SAFE]: No evidence of data exfiltration, network requests to external domains, or hardcoded credentials was found. The skill operates exclusively on local files for failure classification and diagnostic recommendations.
Audit Metadata