Back to skill

Security audit

Create Harness Docs

Security checks across malware telemetry and agentic risk

Overview

This skill openly scaffolds Harness documentation plus related CI and Java architecture-test files, so it is repository-modifying but not deceptive or malicious.

Install only if you want a scaffold generator that modifies the current repository, not just a passive documentation helper. Before running --init, make sure you are in the intended repo and review the resulting diffs, especially AGENTS.md, docs/, .github/workflows/harness-ci.yml, and any generated Java architecture test before committing or letting CI run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill is presented as a documentation generator, but it also writes a GitHub Actions workflow and, for Spring Boot projects, creates a Java architecture test file. This expands repository modification scope beyond user expectations and can silently alter automation and test behavior, which is risky in an agent skill because users may grant it broader trust than warranted.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The main execution path for --init invokes createCIConfig(project) and createArchTest(project), which modify .github/workflows and src/test/java in addition to documentation directories. In a security context, hidden write access to source/test and automation paths is dangerous because it can change CI execution or introduce code into the repository under a misleading 'docs' operation.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation scope is broad and framed as automatic project analysis and creation, without clear limits on when it should activate or what repository paths it may inspect or modify. In an agent setting, vague trigger conditions increase the chance of unintended execution and broad file modifications in the wrong project or at the wrong time.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description states that it will create documents, but it does not prominently warn users that it will modify the project by writing multiple files, adding CI workflows, and generating test code. Lack of a clear modification warning undermines informed consent and can lead to unreviewed changes that affect builds, automation, and repository hygiene.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/create-harness-docs.js:344