moai-tool-ast-grep
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation recommends installing the `ast-grep` tool via Homebrew, npm (`@ast-grep/cli`), and Cargo. While these are reputable package managers, the `ast-grep` organization and repository are not included in the predefined trusted list. The severity is downgraded to LOW as these downloads are essential for the primary purpose of the skill.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute shell commands such as `sg run` and `sg scan`. These commands are used to process and transform local files, which is consistent with the skill's functionality.
- [PROMPT_INJECTION] (LOW): This finding identifies a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: The `ast-grep` tool processes local source code files (e.g., `src/`, `rules.yml`) which may originate from untrusted external sources.
  - Boundary markers: Absent. The skill provides no instructions for the agent to use delimiters or ignore instructions within the analyzed code.
  - Capability inventory: The skill uses `Bash` to invoke `sg` for pattern matching and automated rewrites.
  - Sanitization: Absent. External code is processed and matched against AST patterns without pre-validation of the code's content or safety.
- [CREDENTIALS_UNSAFE] (SAFE): Examples in `modules/security-rules.md` contain patterns like `apiKey: "$$$KEY"`. These are structural templates for detection rules rather than actual hardcoded credentials.
Audit Metadata