ast-grep
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- General Analysis (SAFE): The skill serves as a documentation resource for the agent to use
ast-grepeffectively. It covers multiple languages (Go, Python, Bash, Terraform) and focuses on structural search patterns. - Command Execution (SAFE): The skill utilizes the
Bashtool to executesgcommands. These commands are standard search and dry-run replace operations performed on the local codebase. - Data Exposure (SAFE): The skill contains patterns designed to detect hardcoded secrets and security risks (like SQL injection or command injection) in the code being analyzed. It does not contain or exfiltrate any actual credentials.
- Prompt Injection (SAFE): No malicious instructions or attempts to override system prompts or safety filters were detected. The language used is purely instructional for tool usage.
- Indirect Prompt Injection (LOW): As a tool that processes external codebase data, it inherently has an attack surface for indirect prompt injection (where instructions are hidden in the code being searched). However, the skill does not grant excessive privileges or automate execution of found content beyond reporting it.
Audit Metadata