Harvest Time Reporting

The skill bundle provides a comprehensive API reference for Harvest time tracking, using standard `curl` commands to interact with the legitimate `https://api.harvestapp.com/v2` endpoint. It correctly uses environment variables (`HARVEST_ACCESS_TOKEN`, `HARVEST_ACCOUNT_ID`) for authentication. There is no evidence of prompt injection against the agent, malicious execution, data exfiltration to unauthorized destinations, persistence mechanisms, or obfuscation in `skill.md` or `_meta.json`.