Trust Assessment
treeline received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified one finding, rated high severity (0 critical, 1 high, 0 medium, 0 low): an unpinned CLI dependency downloaded from GitHub releases.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned CLI dependency from GitHub releases. The skill manifest instructs the agent to download the `tl` CLI using the `latest` tag from GitHub releases, so the version actually installed is not pinned. If the `treeline-money/treeline` repository were compromised, a malicious `latest` release could be published and the agent would install and execute arbitrary code on the host without noticing. This is a supply-chain risk. Recommendation: pin the `tl` download URLs to specific versions (e.g. `vX.Y.Z`) instead of `latest`, and verify a SHA-256 checksum of the downloaded binary against a value recorded in the manifest. Note that a version tag on its own is not immutable (git tags can be moved and release assets re-uploaded), so the checksum is what actually pins the artifact. | LLM Behavioral Safety | SKILL.md:1 |
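The remediation the finding recommends, as an added shell example (not treeline's own install script and not SkillShield's code): build the download URL from an explicit release tag, refuse the `latest` alias, and verify the asset's SHA-256 before moving it into place. The repository path comes from the finding; the asset name (`tl-linux-amd64`), version and checksum are placeholders that a real manifest would fill in.

```shell
#!/bin/sh
# Added example (not treeline's or SkillShield's code): fetch the 'tl' CLI from a
# pinned GitHub release and verify its SHA-256 before installing it.
# The weak form the finding describes resolves a mutable alias:
#   https://github.com/treeline-money/treeline/releases/latest/download/<asset>
# Assumptions: asset name, version and checksum are placeholders supplied by the
# caller; the repository path is the one named in the finding.

REPO="treeline-money/treeline"

# Build a release asset URL from an explicit tag. Refuse 'latest' and anything
# that does not look like a version tag, so an unpinned call fails loudly.
release_url() {
  version=$1
  asset=$2
  case "$version" in
    ""|latest)
      echo "release_url: refusing unpinned release tag '${version}'" >&2
      return 1 ;;
    v[0-9]*) ;;
    *)
      echo "release_url: unexpected version tag '${version}'" >&2
      return 1 ;;
  esac
  printf 'https://github.com/%s/releases/download/%s/%s\n' "$REPO" "$version" "$asset"
}

# Print the SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if the file's digest equals the expected hex value (case-insensitive).
verify_sha256() {
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$file") || return 1
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Download a pinned asset over HTTPS only, verify it, and only then move it into
# place. A checksum mismatch deletes the download instead of leaving it on disk.
fetch_pinned() {
  version=$1
  asset=$2
  expected=$3
  dest=$4
  url=$(release_url "$version" "$asset") || return 1
  tmp=$(mktemp) || return 1
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
    echo "fetch_pinned: download failed for $url" >&2
    rm -f "$tmp"
    return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    echo "fetch_pinned: SHA-256 mismatch for $url; discarding download" >&2
    rm -f "$tmp"
    return 1
  fi
  chmod 0755 "$tmp" && mv "$tmp" "$dest"
}

# Usage with placeholder values:
#   fetch_pinned v1.2.3 tl-linux-amd64 <sha256-hex-from-manifest> ./tl
if [ $# -eq 4 ]; then
  fetch_pinned "$@"
fi
```

The expected digest belongs in the manifest next to the pinned version, so an agent following the instructions has everything it needs to reject a swapped asset; fetching the checksum from the same release that might be compromised defeats the purpose.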
Full report: https://skillshield.io/report/030129de899479fe