treebuy-best-present
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to invoke the treebuy-cli tool using user-provided descriptions as positional arguments. Specifically, in Step 3, the variable <用戶原始描述> is interpolated directly into the command line. If a user provides input containing shell metacharacters (e.g., semicolons, backticks, or pipes), and the execution environment does not perform strict escaping, this could lead to arbitrary command execution on the host system.
- [EXTERNAL_DOWNLOADS]: The installation instructions require the use of npx to download and install the treebuy-cli tool from the author's GitHub repository (github.com/nandemo-agent/treebuy-cli). This is the vendor's official resource for the skill's functionality.
- [PROMPT_INJECTION]: The skill processes untrusted user input which is later used to generate natural language explanations.
  - Ingestion points: User description input used in Step 3 and Step 5 of SKILL.md.
  - Boundary markers: No delimiters or ignore-instructions are specified for the command-line interpolation or the final output generation.
  - Capability inventory: Subprocess execution via treebuy-cli.
  - Sanitization: No evidence of input validation, sanitization, or escaping is present in the skill's instructions.
Audit Metadata