harness-setup
Guides users through setting up an agent harness in projects, covering phases from exploration to finalization for optimal AI coding.
Install this skill
Security score
The harness-setup skill was audited on Jun 4, 2026 and we found 25 security issues across 2 threat categories, including 23 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 24 | Read `${CLAUDE_SKILL_DIR}/references/harness-engineering.md` first to ground yourself in the core concepts before starting. |
Template literal with variable interpolation in command context
| 26 | > **Note on paths**: This skill uses `${CLAUDE_SKILL_DIR}` to reference bundled files. In Claude Code this resolves automatically. In Codex, reference files via the skill's installation directory (`.a |
Template literal with variable interpolation in command context
| 99 | Read `${CLAUDE_SKILL_DIR}/references/claude-md-guide.md` for the full guidance on this. |
Template literal with variable interpolation in command context
| 105 | Read `${CLAUDE_SKILL_DIR}/references/context-budget-calculator.md`. |
Template literal with variable interpolation in command context
| 109 | If the project already has instruction files, run `${CLAUDE_SKILL_DIR}/scripts/count-tokens.sh --budget` to get an actual measurement. Otherwise, estimate manually. |
Template literal with variable interpolation in command context
| 119 | 2. **Provide the skeleton**: Based on the user's tool choice from Phase 1, copy the appropriate template to the project root. For Claude Code users, copy `${CLAUDE_SKILL_DIR}/templates/claude-md-skele |
Template literal with variable interpolation in command context
| 145 | Read `${CLAUDE_SKILL_DIR}/references/codex-and-agents-md.md`. |
Template literal with variable interpolation in command context
| 149 | **If both**: Coach on the sync strategy from the reference. Copy `${CLAUDE_SKILL_DIR}/templates/agents-md-skeleton.md` to the project root. Explain the three approaches (shared core with extensions, A |
Template literal with variable interpolation in command context
| 153 | **If AGENTS.md only**: Use `${CLAUDE_SKILL_DIR}/templates/agents-md-skeleton.md` instead of the claude-md-skeleton. Coach through the same sections but note the format differences (no frontmatter, per |
Template literal with variable interpolation in command context
| 163 | Read `${CLAUDE_SKILL_DIR}/references/hooks-guide.md` for the full guidance. |
Template literal with variable interpolation in command context
| 169 | 2. **Set up the wrapper script**: Copy `${CLAUDE_SKILL_DIR}/templates/run-check.sh` to `scripts/run-check.sh` in the project. Make it executable. |
Template literal with variable interpolation in command context
| 178 | 4. **Configure hooks**: For each selected verification, add a PostToolUse hook to `.claude/settings.local.json`. **Deep-merge** with existing config - never overwrite. Use `${CLAUDE_SKILL_DIR}/templat |
Template literal with variable interpolation in command context
| 203 | Read `${CLAUDE_SKILL_DIR}/references/mcp-and-tools-guide.md` for the full guidance. |
Template literal with variable interpolation in command context
| 232 | Read `${CLAUDE_SKILL_DIR}/references/verification-loops.md` for the full guidance. |
Template literal with variable interpolation in command context
| 236 | 2. **PreCompletionChecklist**: Show `${CLAUDE_SKILL_DIR}/templates/pre-completion-checklist.md`. Use AskUserQuestion to ask which items are relevant to the project: |
Template literal with variable interpolation in command context
| 294 | Read `${CLAUDE_SKILL_DIR}/references/sub-agent-orchestration.md` for the full guidance. |
Template literal with variable interpolation in command context
| 315 | - Show `${CLAUDE_SKILL_DIR}/templates/agent-team-definition.md` as reference for team definitions |
Template literal with variable interpolation in command context
| 327 | Read `${CLAUDE_SKILL_DIR}/references/long-running-agents.md` for the full guidance. |
Template literal with variable interpolation in command context
| 337 | 2. **Init script**: Copy `${CLAUDE_SKILL_DIR}/templates/init-script.sh` to the project. Coach through customizing each section. Use AskUserQuestion at each section: |
Template literal with variable interpolation in command context
| 346 | 3. **Progress file**: Copy `${CLAUDE_SKILL_DIR}/templates/progress-file.md` to the project. Use AskUserQuestion: "Do you prefer JSON format (machine-readable, good for automation) or markdown format ( |
Template literal with variable interpolation in command context
| 375 | Read `${CLAUDE_SKILL_DIR}/references/skills-guide.md` for the full guidance. |
Template literal with variable interpolation in command context
| 405 | Read `${CLAUDE_SKILL_DIR}/references/context-management.md` for context on progressive disclosure. |
Template literal with variable interpolation in command context
| 428 | 2. **Final context budget summary**: Run `${CLAUDE_SKILL_DIR}/scripts/count-tokens.sh --budget` if instruction files exist, or present a manual estimate: system prompt (~50) + instruction file lines + |
Access to hidden dotfiles in home directory
| 60 | - Existing `config.toml` in `~/.codex/` (Codex CLI configuration) |
Access to hidden dotfiles in home directory
| 62 | - Existing MCP configuration (check `.claude/settings.local.json` and `~/.claude/settings.json`) |