semgrep
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the semgrep and semgrep-rules-manager Python packages via pip. It also references the official returntocorp/semgrep Docker image for execution.
- [COMMAND_EXECUTION]: The skill requires the Bash tool to execute CLI commands for installing the tool, downloading third-party rules, and performing static analysis on the local file system.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. Ingestion points: The skill reads local source code files via Read, Glob, Grep, and semgrep tools. Boundary markers: No specific delimiters or instructions are provided to ensure the agent ignores potential instructions embedded in the analyzed code. Capability inventory: The agent possesses Bash, Read, Glob, and Grep tools. Sanitization: There is no logic provided to sanitize or validate the content of the files before they are processed by the agent.
Audit Metadata