moai-tool-ast-grep
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the ast-grep CLI tool using official and well-known package managers including Homebrew, NPM (@ast-grep/cli), and Cargo. These are standard distribution channels for this utility.
- [PROMPT_INJECTION]: The skill facilitates the processing of source code, which serves as a potential surface for indirect prompt injection.
  * Ingestion points: External source code files are parsed during structural search and scanning operations in SKILL.md.
  * Boundary markers: No specific delimiters are defined in the instructions to isolate processed code.
  * Capability inventory: The skill utilizes Bash access scoped specifically to the sg and ast-grep binaries for search and transformation tasks.
  * Sanitization: The tool performs structural analysis based on AST patterns rather than executing the contents of the files as instructions.
- [SAFE]: The skill provides a robust set of security scanning rules designed to detect common vulnerabilities like SQL injection and hardcoded secrets, which promotes secure coding practices.
Audit Metadata