Skills
skills/jwmossmoz/agent-skills/treeherder/Gen Agent Trust Hub

treeherder

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the treeherder-cli tool from a GitHub repository (github.com/padenot/treeherder-cli) and uses uvx to download and run lumberjackth from PyPI.
  • [REMOTE_CODE_EXECUTION]: Instructions involve installing and executing third-party tools using cargo install and the uvx package runner.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI commands (treeherder-cli, lj, uvx, cargo, curl, jq) to query CI status and manage data.
  • [DATA_EXFILTRATION]: Network operations are performed to communicate with treeherder.mozilla.org for fetching logs and build artifacts.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and analyzes untrusted log data from an external CI service.
  • Ingestion points: CI logs and test failure descriptions retrieved from treeherder.mozilla.org (referenced in SKILL.md and references/cli-reference.md).
  • Boundary markers: No explicit delimiters or instructions are used to distinguish log data from agent instructions.
  • Capability inventory: The skill allows for subprocess execution, file system access (artifacts/caching), and network requests.
  • Sanitization: Log content is processed without filtering or sanitization for potential injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 02:20 PM