Back to skill

Security audit

Harness Factory — AI Engineering Team

Security checks across malware telemetry and agentic risk

Overview

This is a mostly transparent engineering workflow skill, but it makes push and production deployment part of the default process without a clear approval gate.

Install only if you are comfortable with a release-capable engineering workflow. Use it on a clean branch or isolated worktree, keep SPRINT.md file scope narrow, and require manual confirmation before any git push, deployment, production verification, or AGENTS.md auto-trigger setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill's documented workflow goes beyond code assistance into operational actions by instructing the agent to commit, push, and deploy. That materially expands the blast radius from local code changes to repository and production state changes, which is unsafe for a broadly invocable engineering skill.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Including production deployment in a generic engineering harness is especially dangerous because the skill is framed as a development workflow, not a deployment-authorized release process. If followed by an agent, this could cause unauthorized or insufficiently reviewed changes to reach production systems.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation criteria are overly broad, especially the clause covering any task where quality matters more than speed. That ambiguity increases the chance the skill is invoked in contexts where its high-authority workflow, including repo and deployment actions, is unnecessary and risky.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill tells the agent to commit, push, and possibly deploy, but does not require a user-facing warning or explicit consent before those actions. This creates a clear risk of unintended repository modification, remote propagation, and production impact without informed approval.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The checklist includes a release gate to grep for Chinese characters before shipping, which creates a language-specific rule unrelated to code quality and can suppress legitimate multilingual content. In an engineering skill, this can normalize English-only enforcement without user consent, causing discriminatory behavior and accidental removal of valid UI text, content, or test data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.