Skills
skills/urwlee/skill-trae-cn/trae-cn/Gen Agent Trust Hub

trae-cn

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/trae.py to launch the Trae IDE via the open command and to verify installations using brew.
  • [PROMPT_INJECTION]: The skill contains vulnerability surfaces for indirect prompt injection across its project creation and configuration tools.
  • Ingestion points: Untrusted data enters the skill via command arguments like --name, --prompt, and --command in scripts/trae.py, as well as tool arguments in scripts/mcp_server.py.
  • Boundary markers: No delimiters or instructions are used to distinguish user input from the skill's own logic or templates.
  • Capability inventory: The skill can perform directory creation (os.makedirs), file writing (open().write()), and command execution (subprocess.run).
  • Sanitization: There is no validation or sanitization of user-provided strings before they are used to generate file paths, file contents, or IDE configuration files. Specifically, configure_mcp allows the creation of configuration files in ~/.trae/mcp/ containing arbitrary execution commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 03:33 AM