treehaus
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs a version check by fetching metadata from the vendor's official GitHub repository (treehausdev/skills). It also provides instructions for installing the skill via 'npx skills add treehausdev/skills', which fetches resources from the vendor's infrastructure.
- [COMMAND_EXECUTION]: The skill automates the development lifecycle by executing various CLI commands. This includes scaffolding projects with 'create-next-app', managing Git repositories and GitHub authentication with 'gh', and handling deployment and domain configuration via the 'vercel' CLI.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it crawls and extracts data from external websites provided by the user during the intake phase (Phase 1, Step 3).
  - Ingestion points: Website crawling of sitemaps and page content (Home, About, Contact, etc.) to extract business information, contact details, and brand assets.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are defined for the data extracted from the crawled pages.
  - Capability inventory: The agent possesses significant capabilities, including file system access, network requests, and the ability to execute shell commands ('npx', 'git', 'gh', 'vercel').
  - Sanitization: There is no evidence of sanitization or validation of the content crawled from external sites before it is interpreted by the agent for project generation.