harness-writing
by trailofbitsharness-writing helps you design fuzzing harnesses that turn raw bytes into meaningful, reproducible tests for a system under test. Use the harness-writing skill when you need a new fuzz target or want to improve coverage, stability, and bug-finding for Code Generation tasks. It focuses on deterministic input parsing, valid call sequences, and reproducible crashes.
This skill scores 78/100, which means it is a solid listing candidate for users who want practical guidance on writing fuzzing harnesses. The repository shows a real, non-placeholder technique guide with substantial content, clear applicability, and enough structure to help an agent trigger and use it better than a generic prompt, though users should still expect to read the document because there is no install command or supporting scripts to automate adoption.
- Clear use case: the frontmatter says it applies to creating new fuzz targets or improving existing harness code.
- Substantial operational content: the skill body is large and structured with many headings, code fences, and explicit workflow/constraint signals.
- Good triggerability for agents: it defines core concepts like harness, SUT, entry point, and deterministic behavior, which reduces guesswork.
- No install command and no support files, so adoption appears document-driven rather than tool-assisted.
- The description is brief, so users may need to inspect the full SKILL.md to understand exact fit and workflow details.
Overview of harness-writing skill
The harness-writing skill helps you design fuzzing harnesses that turn raw bytes into meaningful, reproducible tests for a system under test. It is most useful when you already have a target library or API and need a harness that actually reaches deep code paths instead of just consuming input and returning. If you are deciding whether to use harness-writing for Code Generation, the key question is whether you need structured fuzz target logic, not just a generic prompt about fuzzing.
What harness-writing is for
Use the harness-writing skill when you need to create a new fuzz target or improve an existing one for coverage, stability, or bug finding. It focuses on the practical job of mapping fuzzed bytes into valid calls, state transitions, and boundary cases that your code can handle safely.
Why this skill differs from a generic prompt
A normal prompt may describe fuzzing in general, but the harness-writing skill gives you a tighter workflow for harness design: how to parse input, choose operations, avoid non-determinism, and keep crashes reproducible. That makes it more useful for Code Generation tasks where the output has to be immediately actionable.
Best-fit users and projects
This skill fits security engineers, fuzzing practitioners, library maintainers, and agents generating test infrastructure for C/C++ or similar low-level targets. It is a strong fit when you care about coverage, crash triage, and API-level correctness. It is a weaker fit if you only need a high-level fuzzing overview with no code to write.
How to Use harness-writing skill
Install and open the right files
For harness-writing install, add the skill to your skills set with the repo’s normal skills workflow, then open SKILL.md first. If you want the fastest context scan, read the sections that define harness design, when to apply it, and any quick-reference material before generating code. In this repo, SKILL.md is the main source; there are no extra helper scripts or reference folders to cross-check.
Give the skill a target, not just a goal
For good harness-writing usage, describe the exact API or component you want to fuzz, the language, and the input surface. Strong input looks like: “Write a fuzz harness for a parser library in C++ that exposes ParseMessage(const uint8_t*, size_t) and must avoid file I/O.” Weak input looks like: “Make a fuzz harness for my app.” The skill works best when it knows what the entry point is supposed to call and what behaviors must stay deterministic.
Turn a rough idea into a complete prompt
A useful harness-writing guide prompt usually includes:
- target name and language
- fuzzing engine or framework if known
- public functions, constructors, or protocols to exercise
- forbidden side effects such as network access, filesystem writes, or global state
- known edge cases, stateful behavior, or crash history
- whether you want one-operation or multi-operation harness logic
That extra structure helps the skill choose a harness shape instead of guessing at your architecture.
Practical workflow for better output
Start by asking for the harness shape, then ask for refinements. For example, request a first-pass harness, then follow up with constraints like determinism, input partitioning, or deeper path coverage. If the first version is too shallow, ask it to reorganize parsing logic, expand valid operation coverage, or reduce assumptions about default state. For Code Generation, this two-step workflow usually produces better harnesses than one oversized prompt.
harness-writing skill FAQ
Is harness-writing only for fuzzing experts?
No. The harness-writing skill can help beginners who know the target API and want a structured harness, but it is most valuable when you can describe the system under test clearly. If you cannot name the entry point or explain how the input should be consumed, you will get much weaker results.
How is harness-writing different from a normal code prompt?
A normal prompt may produce a harness-shaped snippet, but harness-writing is aimed at the specific problems that make fuzzing code useful: determinism, coverage, state handling, and valid input decoding. That makes it better for harness-writing for Code Generation when the goal is a real fuzz target, not just sample code.
When should I not use this skill?
Do not use it if you need a broad introduction to fuzzing concepts, if your project is not ready for automated input-driven testing, or if your target cannot be exercised through a stable API. It is also less helpful when the main problem is test environment setup rather than harness design.
What should I read first in the repo?
Read SKILL.md first, then look for the sections that explain key concepts and when to apply the technique. Since this repository is compact, the main value is in understanding the harness-writing logic itself rather than chasing extra files.
How to Improve harness-writing skill
Provide the target shape and constraints up front
The biggest quality jump comes from naming the exact function, object, or protocol boundary you want to fuzz. Include language, expected input type, and any state that must persist across calls. A request like “fuzz a JSON parser constructor in C++ but keep all test cases deterministic and in-memory” is far more useful than a generic ask.
Ask for coverage, not just a compilable harness
The common failure mode is a harness that compiles but only touches one code path. To improve harness-writing, ask it to explain how the harness reaches multiple behaviors, how it avoids invalid setup, and how it keeps crashes reproducible. If you already know hard-to-reach branches, mention them directly so the harness can be shaped around them.
Iterate on invalid input handling and state
After the first draft, check whether the harness over-rejects input, leaks state between iterations, or depends on hidden defaults. If so, ask for a revision that broadens valid operation coverage while preserving determinism. This is especially important for harness-writing usage in libraries with multiple constructors, nested parsers, or stateful APIs.
Use the first draft as a prompt for the second
The best way to improve harness-writing skill output is to treat the first harness as a baseline and then refine around what it missed: deeper branches, stricter side-effect limits, or clearer input partitioning. If you share the generated code and the target API together, the next pass can usually remove guesswork and produce a more reliable fuzz target.