Skip to main content

Security Audit

harness/harness-skills:skills/configure-agent-pr-attestation

github.com/harness/harness-skills
AI SkillCommit 770a4427aa4a
79
TRUSTED
Scanned about 1 month ago
0
Critical
Immediate action required
1
High
Priority fixes suggested
1
Medium
Best practices review
0
Low
Acknowledged / Tracked

Trust Assessment

harness/harness-skills:skills/configure-agent-pr-attestation received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via Unsanitized Template Substitution in Hook Script.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on June 10, 2026 (commit 770a4427). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis
100%
Static Code Analysis
93%
Dependency Graph
100%
LLM Behavioral Safety
85%

Behavioral Risk Signals

Network Access
1 finding
Shell Execution
2 findings
Dynamic Code
1 finding
Excessive Permissions
1 finding

Security Findings2

SeverityFindingLayerLocation

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/55b0317704b8fb2d.svg)](https://skillshield.io/report/55b0317704b8fb2d)
SkillShield Badge

Powered by SkillShield