treeherder
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs
treeherder-cliviacargo install --git https://github.com/padenot/treeherder-cliand executeslumberjackthviauvx. These sources are not part of the trusted organization whitelist (e.g.,mozilla/).\n- REMOTE_CODE_EXECUTION (MEDIUM): Facilitates the automated download and execution of binaries and packages from external, untrusted repositories. Severity is reduced from HIGH to MEDIUM as this is the skill's primary intended purpose.\n- COMMAND_EXECUTION (LOW): Uses subprocesses to call external CLI tools to perform its primary functions.\n- DATA_EXFILTRATION (LOW): Connects totreeherder.mozilla.orgto retrieve logs and artifacts. While legitimate for its purpose, it involves outbound network requests to a non-whitelisted domain.\n- PROMPT_INJECTION (LOW): Exposed to Indirect Prompt Injection (Category 8) by processing untrusted log data.\n - Ingestion points:
treeherder-cli --fetch-logsandlj errorsfetch external text data from CI logs.\n - Boundary markers: None identified in the provided tool usage instructions.\n
- Capability inventory: Shell command execution capabilities via CLI tools.\n
- Sanitization: No sanitization of external log content is described before processing.
Audit Metadata