Security Audit
harness/harness-skills:skills/configure-agent-pr-attestation
github.com/harness/harness-skillsTrust Assessment
harness/harness-skills:skills/configure-agent-pr-attestation received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via Unsanitized Template Substitution in Hook Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 10, 2026 (commit 770a4427). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via Unsanitized Template Substitution in Hook Script The skill generates a shell script (`agent-pr-attestation.sh`) by directly substituting `{{COMMAND_FILTER}}` and `{{URL_REGEX}}` into single-quoted bash variables. If an attacker or a malicious repository configuration manipulates the agent into using a custom command filter or URL regex containing single quotes (e.g., `foo'; malicious_command; '`), it will break out of the shell quotes and execute arbitrary commands every time a tool is used (via the `PostToolUse` hook). Sanitize or escape single quotes in `COMMAND_FILTER` and `URL_REGEX` before substituting them into the shell script, or pass these values via environment variables or a structured configuration file (e.g., JSON) rather than generating dynamic shell code. | LLM | SKILL.md:115 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/configure-agent-pr-attestation/SKILL.md:104 |
Scan History
Embed Code
[](https://skillshield.io/report/55b0317704b8fb2d)
Powered by SkillShield