Skills
skills/aleister1102/skills/semgrep-rule-creator/Gen Agent Trust Hub

semgrep-rule-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its high-privilege capabilities combined with the ingestion of untrusted data. Malicious code snippets or compromised documentation could trick the agent into generating harmful rules or executing unintended commands.\n
  • Ingestion points: Documentation is fetched via WebFetch from multiple external URLs. Local code for analysis is ingested via Read, Grep, and Glob.\n
  • Boundary markers: Absent. There are no instructions to use delimiters or specific prompt engineering techniques to isolate untrusted input from instructions.\n
  • Capability inventory: The skill uses Write and Edit to create files, and Bash to execute the semgrep binary.\n
  • Sanitization: Absent. The workflow does not specify any sanitization or validation of the code snippets before they are used to generate rules.\n- [EXTERNAL_DOWNLOADS] (LOW): The skill mandates fetching documentation from several external domains (semgrep.dev, appsec.guide, github.com/semgrep). While these are legitimate sources for rule-writing guidance, they are not within the predefined TRUST-SCOPE-RULE list of trusted organizations.\n- [COMMAND_EXECUTION] (MEDIUM): The skill core functionality involves using the Bash tool to execute semgrep commands (--test, --dump-ast, -f) on dynamically generated content. This execution path is a risk if the generated rule content is influenced by adversarial data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:01 AM