{"id":"213c470b-12a7-4eea-8c46-9927f995580a","shortId":"uW6nDk","kind":"skill","title":"audit-report","tagline":">-","description":"# Audit Report Skill\n\nGenerate audit reports and compliance trails using Harness MCP v2 tools.\n\n## MCP v2 Tools Used\n\n- `harness_list` with `resource_type: \"audit_event\"` -- list audit events with filters\n- `harness_describe` with `resource_type: \"audit_event\"` -- discover available filters and fields\n\nAudit events are **read-only**. You can list and filter them but cannot create, update, or delete them.\n\n## Instructions\n\n### Step 1: Discover Available Filters\n\n```\nharness_describe(resource_type=\"audit_event\")\n```\n\nUnderstand the available filter parameters before querying.\n\n### Step 2: List Audit Events\n\n```\nharness_list(\n  resource_type=\"audit_event\",\n  org_id=\"<org>\",           # optional - scope to organization\n  project_id=\"<project>\",   # optional - scope to project\n  search_term=\"<user or resource>\",  # optional\n  page=0,\n  size=100\n)\n```\n\n### Step 3: Filter by Action Type\n\nFilter results by these standard action types:\n\n| Action | Description |\n|--------|-------------|\n| `CREATE` | Resource creation |\n| `UPDATE` | Resource modification |\n| `DELETE` | Resource deletion |\n| `LOGIN` | User authentication |\n| `LOGOUT` | Session termination |\n| `ACCESS` | Resource access |\n| `EXECUTE` | Pipeline execution |\n\n### Step 4: Filter by Resource Type\n\nCommon resource types in audit events:\n\n| Resource Type | Examples |\n|---------------|----------|\n| `PIPELINE` | Pipeline create, update, delete |\n| `SECRET` | Secret access, rotation, deletion |\n| `CONNECTOR` | Connector modifications |\n| `SERVICE` | Service definition changes |\n| `ENVIRONMENT` | Environment configuration changes |\n| `USER` | User management actions |\n| `ROLE` | Role assignment changes |\n| `USER_GROUP` | Group membership changes |\n\n### Step 5: Analyze and Correlate\n\n- Group events by user to identify activity patterns\n- Group events by resource to track change history\n- Correlate timestamps to reconstruct incident timelines\n- Flag anomalies (off-hours activity, unusual access patterns, privilege escalation)\n\n### Step 6: Generate Report\n\nFormat findings using the templates in references/report-templates.md.\n\nFor report templates (General, User Activity, Security) and compliance framework mappings (SOC 2, GDPR, HIPAA), consult references/report-templates.md.\n\n## Examples\n\n### Generate a 30-day audit report\n\n```\n/audit-report\nGenerate an audit report for the last 30 days\n```\n\n### Investigate a specific user\n\n```\n/audit-report\nWhat has john.doe@company.com been doing in the last 7 days?\n```\n\n### Track production changes\n\n```\n/audit-report\nShow all pipeline and environment changes in the production project this month\n```\n\n### Security investigation\n\n```\n/audit-report\nShow all secret access events and privilege changes from last week\n```\n\n### Compliance evidence\n\n```\n/audit-report\nGenerate SOC2 audit evidence for Q4 covering access control and change management\n```\n\n## Error Handling\n\n| Error | Cause | Solution |\n|-------|-------|----------|\n| No audit events returned | Time range too narrow or wrong scope | Broaden time range; verify org_id/project_id |\n| Access denied | User lacks audit view permissions | Request `core_audit_view` permission |\n| Pagination incomplete | More events than page size | Increment `page` parameter until all pages fetched |\n| Search term returns nothing | User ID format mismatch | Try email, username, and display name variants |\n\n## Performance Notes\n\n- Paginate through all results before generating the report. Incomplete data leads to inaccurate audit trails.\n- Cross-reference events across scopes (account, org, project) for a complete picture. Do not skip scope levels.\n- For compliance reports, verify every claim against actual audit data. Do not infer or assume activity that is not in the logs.\n\n## Troubleshooting\n\n### No Events Found\n\n1. Start with a broader time range and no filters\n2. Verify the org_id and project_id scope -- account-level events require no org/project filter\n3. Remove search_term to confirm events exist, then re-add filters\n\n### Missing User Activity\n\n1. Check both email and username formats for the user\n2. Service account activity may appear under a different principal name\n3. API key usage may not show as the human user\n\n### Incomplete Audit Trail\n\n1. Paginate through all results -- check if `size` returned equals the `size` requested (more pages likely)\n2. Account-level events are separate from org/project events -- query at the right scope\n3. Some event types may require specific permissions to view","tags":["audit","report","harness","skills","agent-skills","agents"],"capabilities":["skill","source-harness","skill-audit-report","topic-agent-skills","topic-agents"],"categories":["harness-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/harness/harness-skills/audit-report","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add harness/harness-skills","source_repo":"https://github.com/harness/harness-skills","install_from":"skills.sh"}},"qualityScore":"0.457","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 15 github stars · SKILL.md body (4,492 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:06:28.598Z","embedding":null,"createdAt":"2026-05-09T01:05:27.133Z","updatedAt":"2026-05-18T19:06:28.598Z","lastSeenAt":"2026-05-18T19:06:28.598Z","tsv":"'/audit-report':272,286,300,315,329 '0':111 '1':67,466,509,544 '100':113 '2':85,260,476,519,560 '3':115,493,530,575 '30':268,280 '4':151 '5':200 '6':238 '7':295 'access':144,146,172,233,319,337,364 'account':428,486,521,562 'account-level':485,561 'across':426 'action':118,125,127,189 'activ':210,231,253,455,508,522 'actual':447 'add':504 'analyz':201 'anomali':227 'api':531 'appear':524 'assign':192 'assum':454 'audit':2,4,8,27,30,39,46,75,87,93,160,270,275,332,348,368,373,420,448,542 'audit-report':1 'authent':140 'avail':42,69,79 'broaden':358 'broader':470 'cannot':59 'caus':345 'chang':181,185,193,198,218,299,306,323,340 'check':510,549 'claim':445 'common':156 'complet':433 'complianc':11,256,327,441 'configur':184 'confirm':498 'connector':175,176 'consult':263 'control':338 'core':372 'correl':203,220 'cover':336 'creat':60,129,167 'creation':131 'cross':423 'cross-refer':422 'data':416,449 'day':269,281,296 'definit':180 'delet':63,135,137,169,174 'deni':365 'describ':35,72 'descript':128 'differ':527 'discov':41,68 'display':402 'email':399,512 'environ':182,183,305 'equal':553 'error':342,344 'escal':236 'event':28,31,40,47,76,88,94,161,205,213,320,349,379,425,464,488,499,564,569,577 'everi':444 'evid':328,333 'exampl':164,265 'execut':147,149 'exist':500 'fetch':389 'field':45 'filter':33,43,56,70,80,116,120,152,475,492,505 'find':242 'flag':226 'format':241,396,515 'found':465 'framework':257 'gdpr':261 'general':251 'generat':7,239,266,273,330,412 'group':195,196,204,212 'handl':343 'har':14,22,34,71,89 'hipaa':262 'histori':219 'hour':230 'human':539 'id':96,102,395,480,483 'id/project_id':363 'identifi':209 'inaccur':419 'incid':224 'incomplet':377,415,541 'increment':383 'infer':452 'instruct':65 'investig':282,314 'john.doe@company.com':289 'key':532 'lack':367 'last':279,294,325 'lead':417 'level':439,487,563 'like':559 'list':23,29,54,86,90 'log':461 'login':138 'logout':141 'manag':188,341 'map':258 'may':523,534,579 'mcp':15,18 'membership':197 'mismatch':397 'miss':506 'modif':134,177 'month':312 'name':403,529 'narrow':354 'note':406 'noth':393 'off-hour':228 'option':97,103,109 'org':95,362,429,479 'org/project':491,568 'organ':100 'page':110,381,384,388,558 'pagin':376,407,545 'paramet':81,385 'pattern':211,234 'perform':405 'permiss':370,375,582 'pictur':434 'pipelin':148,165,166,303 'princip':528 'privileg':235,322 'product':298,309 'project':101,106,310,430,482 'q4':335 'queri':83,570 'rang':352,360,472 're':503 're-add':502 'read':50 'read-on':49 'reconstruct':223 'refer':424 'references/report-templates.md':247,264 'remov':494 'report':3,5,9,240,249,271,276,414,442 'request':371,556 'requir':489,580 'resourc':25,37,73,91,130,133,136,145,154,157,162,215 'result':121,410,548 'return':350,392,552 'right':573 'role':190,191 'rotat':173 'scope':98,104,357,427,438,484,574 'search':107,390,495 'secret':170,171,318 'secur':254,313 'separ':566 'servic':178,179,520 'session':142 'show':301,316,536 'size':112,382,551,555 'skill':6 'skill-audit-report' 'skip':437 'soc':259 'soc2':331 'solut':346 'source-harness' 'specif':284,581 'standard':124 'start':467 'step':66,84,114,150,199,237 'templat':245,250 'term':108,391,496 'termin':143 'time':351,359,471 'timelin':225 'timestamp':221 'tool':17,20 'topic-agent-skills' 'topic-agents' 'track':217,297 'trail':12,421,543 'tri':398 'troubleshoot':462 'type':26,38,74,92,119,126,155,158,163,578 'understand':77 'unusu':232 'updat':61,132,168 'usag':533 'use':13,21,243 'user':139,186,187,194,207,252,285,366,394,507,518,540 'usernam':400,514 'v2':16,19 'variant':404 'verifi':361,443,477 'view':369,374,584 'week':326 'wrong':356","prices":[{"id":"ee527530-b2c1-4501-b930-c56795d130ef","listingId":"213c470b-12a7-4eea-8c46-9927f995580a","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"harness","category":"harness-skills","install_from":"skills.sh"},"createdAt":"2026-05-09T01:05:27.133Z"}],"sources":[{"listingId":"213c470b-12a7-4eea-8c46-9927f995580a","source":"github","sourceId":"harness/harness-skills/audit-report","sourceUrl":"https://github.com/harness/harness-skills/tree/main/skills/audit-report","isPrimary":false,"firstSeenAt":"2026-05-09T01:05:27.133Z","lastSeenAt":"2026-05-18T19:06:28.598Z"}],"details":{"listingId":"213c470b-12a7-4eea-8c46-9927f995580a","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"harness","slug":"audit-report","github":{"repo":"harness/harness-skills","stars":15,"topics":["agent-skills","agents"],"license":"apache-2.0","html_url":"https://github.com/harness/harness-skills","pushed_at":"2026-05-13T01:28:28Z","description":"A collection of structured AI agent skills that   enable Claude Code, Cursor, GitHub Copilot, and   other AI coding assistants to create, operate,   debug, and govern Harness CI/CD workflows through   natural language.","skill_md_sha":"5c3046c05a0e2a2baebb513055fdd576b86b00a5","skill_md_path":"skills/audit-report/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/harness/harness-skills/tree/main/skills/audit-report"},"layout":"multi","source":"github","category":"harness-skills","frontmatter":{"name":"audit-report","license":"Apache-2.0","description":">-","compatibility":"Requires Harness MCP v2 server (harness-mcp-v2)"},"skills_sh_url":"https://skills.sh/harness/harness-skills/audit-report"},"updatedAt":"2026-05-18T19:06:28.598Z"}}