treeherder
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the treeherder-cli tool from a third-party GitHub repository (github.com/padenot/treeherder-cli) using the Rust cargo package manager and executes the lumberjackth package from PyPI via uvx.
- [COMMAND_EXECUTION]: The skill executes external CLI tools (treeherder-cli, lj) on the host system to query CI data, using arguments such as revision hashes and job IDs derived from user input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from CI logs and failure summaries fetched from remote servers.
  - Ingestion points: Job logs and error summaries retrieved from treeherder.mozilla.org.
  - Boundary markers: Absent. The skill does not use specific delimiters to isolate potentially malicious instructions within the fetched data.
- Capability inventory: Execution of CLI tools, local file system access for artifact downloads, and network requests to external APIs.
- Sanitization: Absent. There is no evidence of sanitization or filtering of the fetched content before it is processed by the agent.
Audit Metadata