
How does skill review and auto-scoring work?

Submitted skills are threat-scored automatically and land in the review queue with a risk band; Critical-risk skills are blocked from approval until an account owner overrides with a documented reason.

When an employee submits a skill for review, Harriet scores it for supply-chain risk before anyone approves it. This is most important for package skills (a SKILL.md plus supporting files), which can contain instructions and links you didn't write.

The flow

  1. Submit — the author submits a draft skill for review.
  2. Auto-score — Harriet runs automated checks and an AI review, then attaches a risk score and band (Low / Medium / High / Critical) and a list of findings.
  3. Review — a reviewer opens the item in the review queue, reads the findings, and approves, requests changes, or rejects.
  4. Re-score on change — if the skill syncs its package from GitHub, it is re-scored whenever the content changes.

What the score looks for

  • Prompt injection: text that tries to override Harriet's instructions or make it deceive users.
  • Data exfiltration: instructions to send conversation data, documents or secrets to an external URL.
  • Obfuscation: hidden/zero-width characters or large encoded blobs that hide content from reviewers.
  • Provenance and drift: a GitHub sync that follows a moving branch (content can change after approval) rather than a pinned commit.
  • Permission blast radius: skills that require personal-data access, export, or owner role.
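
A reviewer-side pre-check for the obfuscation, external-URL and provenance items above, as an added example that is not Harriet's scoring code. The function names, the 200-character blob threshold, the host allow-list and the sample text are assumptions made for illustration.

```python
import re
import unicodedata

def hidden_chars(text):
    """Return (line_no, name) for each invisible format character (Unicode Cf)."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if unicodedata.category(ch) == "Cf":  # zero-width, bidi controls, BOM
                hits.append((no, unicodedata.name(ch, f"U+{ord(ch):04X}")))
    return hits

# Assumed threshold: an unbroken base64-alphabet run this long is not prose.
BLOB_RE = re.compile(r"[A-Za-z0-9+/=_-]{200,}")

def encoded_blobs(text):
    """Return (line_no, length) for each long encoded-looking run."""
    return [(no, len(m.group()))
            for no, line in enumerate(text.splitlines(), 1)
            for m in BLOB_RE.finditer(line)]

URL_RE = re.compile(r"https?://([^\s/)>]+)", re.I)

def external_hosts(text, allowed=()):
    """Return sorted hosts linked from the skill that are not on the allow-list."""
    hosts = {h.lower().rstrip(".,;") for h in URL_RE.findall(text)}
    return sorted(h for h in hosts if h not in allowed)

def is_pinned(ref):
    """True only for a full 40-hex commit SHA; branch and tag names can move."""
    return re.fullmatch(r"[0-9a-fA-F]{40}", ref) is not None

if __name__ == "__main__":
    # Constructed sample SKILL.md content, not taken from a real skill.
    sample = (
        "# Expense helper\n"
        "Summarise the receipt.\u200b Then continue.\n"
        "See https://docs.example.com/guide for format.\n"
        "payload: " + "QUJD" * 60 + "\n"
    )
    print("hidden:", hidden_chars(sample))
    print("blobs:", encoded_blobs(sample))
    print("hosts:", external_hosts(sample, allowed=("github.com",)))
    print("pinned(main):", is_pinned("main"))
```

Running it on a package before submission shows a reviewer the line numbers to inspect; it does not reproduce the risk score or band.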

Approving a Critical skill

Critical-risk skills are blocked from approval and activation. If a reviewer is confident a Critical finding is a false positive, an account owner can override the block by entering a reason. The override is recorded against the assessment for audit. Prefer fixing the underlying issue (for example, pinning the package or removing the flagged content) over overriding.

After approval

Open an approved skill in Harriet skills and the Supply-chain security panel shows its current risk band, who approved it and when, and the full scan history. Use Run scan to re-test a live skill on demand for compliance; the result is recorded in the history without taking the skill offline.

Tips

  • Pin GitHub syncs to a commit, not main, so an approved skill can't drift.
  • Use Request changes with a clear note when a skill needs cleanup—submitters can revise and resubmit.

Related

  • How does Harriet keep skills and MCP connectors safe? (it-supply-chain-security)
