semgrep-rule-variant-creator
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions are focused strictly on technical workflows and do not contain any attempts to override agent behavior, bypass safety guidelines, or extract system prompts.
- [DATA_EXFILTRATION]: There is no access to sensitive system files or environment variables. Network activity is limited to fetching documentation from well-known and trusted domains.
- [EXTERNAL_DOWNLOADS]: The skill provides links to official Semgrep documentation and the Trail of Bits security handbook. These references are to well-known technology services and reputable security organizations, and they are used solely for instructional purposes.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard Semgrep commands such as
semgrep --test,semgrep --validate, andsemgrep --dump-ast. These commands are safe and necessary for the intended purpose of rule development and validation. - [PROMPT_INJECTION]: The skill processes user-provided Semgrep rules as input. While this involves handling external data, the workflow includes mandatory validation steps using the Semgrep binary, which mitigates the risk of indirect injection. This aligns with standard developer tool patterns.
Audit Metadata