Harness-engineering harness-supply-chain-audit

name: harness-supply-chain-audit version: "1.0.0" description: 6-factor dependency risk evaluation for supply chain security stability: static cognitive_mode: meticulous-implementer triggers:

• manual
• on_milestone platforms:
• claude-code
• gemini-cli
• cursor
• codex tools:
• Bash
• Read
• Write
• Grep
• Glob
• WebFetch cli: command: harness skill run harness-supply-chain-audit args:
  • name: path description: Project root path required: false
  • name: depth description: Maximum dependency depth to evaluate (default 3) required: false
  • name: output description: Write report to file instead of stdout required: false mcp: tool: run_skill input: skill: harness-supply-chain-audit path: string type: rigid tier: 2 phases:
• name: inventory description: Build dependency inventory from lockfile required: true
• name: evaluate description: Score each dependency on 6 risk factors required: true
• name: report description: Generate risk report with actionable findings required: true state: persistent: false files: [] depends_on:
• harness-security-scan addresses:
• signal: security-findings weight: 0.6