{"skill":{"slug":"step-security-harden-runner","name":"Harden Runner","description":"Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.","repository":"https://github.com/step-security/harden-runner"},"recommended_command":"npx skills add step-security/harden-runner","install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add step-security/harden-runner","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Harden Runner\" agent skill from https://github.com/step-security/harden-runner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Harden Runner\" as a Claude Code skill from https://github.com/step-security/harden-runner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Harden Runner\" from https://github.com/step-security/harden-runner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","89/100 agent safety score"]},"agent_prompt":"Install the \"Harden Runner\" agent skill only after reviewing the OpenAgentSkill profile and source repository. Safety gate: Verified (allow). Start with https://www.openagentskill.com/skills/step-security-harden-runner, inspect the trust and audit notes, then use the recommended install handoff: npx skills add step-security/harden-runner. After installation, summarize changed files, required setup, and a minimal verification result before using the skill for real work.","safety_checklist":["Safety gate: Verified. Policy: allow.","Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","Review the repository and license before running third-party code.","Prefer a sandbox or isolated project when testing a new skill.","Start with the recommended command, then inspect generated files before committing changes.","Do not execute external side effects, payments, account changes, or credentialed actions without explicit user approval."],"verification_steps":["Open the skill documentation or SKILL.md and identify required setup.","Run the smallest safe example for the target task.","Confirm outputs match the task before allowing broader agent use.","Record any missing credentials, policy risks, or manual approvals needed."],"do_not_auto_install_when":["The repository or license cannot be reviewed.","The skill requires broad credentials or production account access.","The task involves regulated, private, or high-impact data without user approval."],"urls":{"web":"https://www.openagentskill.com/skills/step-security-harden-runner","api":"https://www.openagentskill.com/api/agent/skills/step-security-harden-runner","install_api":"https://www.openagentskill.com/api/skills/step-security-harden-runner/install","repository":"https://github.com/step-security/harden-runner"},"meta":{"agent_friendly":true,"api_version":"1.0","generated_at":"2026-06-16T13:33:32.221Z"}}